Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Habe auch den BKA Trojaner (https://www.trojaner-board.de/101789-habe-bka-trojaner.html)

Antoniaa 28.07.2011 09:40
Habe auch den BKA Trojaner
 
Hallo liebes Forum,
folgendes Problem, ich habe mir von einem Bekannten einen gebrauchten Laptop gekauft. Nach dem 3 Tag hat sich der BKA Trojaner auf mein Laptop geschlichen. Nix ging mehr. Ein Bekannter hat in im abgesicherten Modus wieder hochgefahren,ein paar Autostart einträge gelöscht,irgendwas in der Registry gelöscht, und danach konnte ich ihn wieder benutzen. Der Trojaner ist aber glaube ich noch drauf. So hab mich hier mal ein bissl schlau gemacht, und habe den Lappi erstmal mit "ESET Online Scanner" gescannt. Malwarebytes ist grad am durchlaufen. So hier mal die Logs von ESET

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=46b7f2b7fa3889488d26bbc603c1d28f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-27 05:22:45
# local_time=2011-07-27 07:22:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 212992 87296096 101893 0
# compatibility_mode=5892 16776573 100 100 71624 149313517 0 0
# compatibility_mode=8192 67108863 100 0 152 152 0 0
# scanned=147354
# found=3
# cleaned=0
# scan_time=6575
C:\Program Files\Paradise8\Loader.exe Win32/RubyRoyal application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kammerzofe\AppData\Local\Temp\jar_cache52817.tmp a variant of Win32/Injector.IEB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kammerzofe\AppData\Roaming\jashla.exe a variant of Win32/Injector.IEB trojan (unable to clean) 00000000000000000000000000000000 I


Ich hoff man kann mir helfen,liebes Team

Antoniaa 28.07.2011 10:28
So hier nun auch die Logdatei von Malwarebyte. ich hoff ich habe alles richtig gemacht.

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7307

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.07.2011 11:23:30
mbam-log-malwarebyte

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 280850
Laufzeit: 1 Stunde(n), 28 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\kammerzofe\AppData\Local\Temp\jar_cache52817.tmp (Backdoor.Bot) -> No action taken.
c:\Users\kammerzofe\AppData\Roaming\jashla.exe (Backdoor.Bot) -> No action taken.

Antoniaa 28.07.2011 12:31
hier nun die logs von "OTL"OTL Logfile:
Code:
OTL logfile created on: 28.07.2011 12:00:27 - Run 1
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Kammerzofe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 57,11% Memory free
3,23 Gb Paging File | 2,40 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32,51 Gb Total Space | 5,80 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive D: | 32,26 Gb Total Space | 17,06 Gb Free Space | 52,89% Space Free | Partition Type: NTFS
 
Computer Name: KAMMERZOFE-PC | User Name: Kammerzofe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.28 11:58:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Kammerzofe\Downloads\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.03.02 03:06:52 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\KAMMER~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.01.19 00:38:34 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007.04.23 09:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.28 11:58:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Kammerzofe\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.06.23 10:45:58 | 000,604,488 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.06.23 10:45:57 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [On_Demand | Stopped] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.05.15 00:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2010.05.15 00:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.05.15 00:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.20 18:47:56 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.06 12:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.10.06 12:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.09.10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.08.10 09:11:34 | 000,014,336 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007.08.10 09:11:34 | 000,011,264 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007.04.11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007.04.11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007.04.11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007.02.25 16:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.02.07 12:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.01.30 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.12.05 14:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.08.29 16:56:20 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\prodigy.sys -- (PRODIGY)
DRV - [2005.12.07 11:45:00 | 000,031,232 | ---- | M] (LITE-ON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbdtv.sys -- (usbdtv) LITE-ON DVB-T (PID=F001)
DRV - [2005.12.07 11:13:00 | 000,022,016 | ---- | M] (LITE-ON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtvfw.sys -- (DTVFW)
DRV - [2005.06.13 11:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2004.07.14 13:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1e6d885e000000000000000000000000&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1483: C:\Program Files\StormII\Codec\Plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: RealPlayer File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.28 09:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.26 11:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.12.08 21:41:13 | 000,000,000 | ---D | M]
 
[2008.10.14 21:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Extensions
[2011.07.27 13:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions
[2010.12.11 14:21:26 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.12.09 12:58:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.06 14:54:08 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.10 19:29:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.11.06 15:47:42 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.08 21:42:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.28 01:33:12 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\piclens@cooliris.com
[2009.02.28 17:39:17 | 000,001,632 | ---- | M] () -- C:\Users\Kammerzofe\AppData\Roaming\Mozilla\Firefox\Profiles\w7zgb186.default\searchplugins\live-search.xml
[2011.06.02 14:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.02 14:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.27 22:34:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.27 22:34:28 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.27 22:34:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.27 22:34:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.27 22:34:29 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.11.01 03:35:36 | 000,000,799 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kammerzofe\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kammerzofe\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kammerzofe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kammerzofe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\Shell - "" = AutoRun
O33 - MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\Shell\AutoRun\command - "" = H:\xjb3.exe
O33 - MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\Shell\open\Command - "" = H:\xjb3.exe
O33 - MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\Shell - "" = AutoRun
O33 - MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\Shell - "" = AutoRun
O33 - MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e1c9b3f9-01cb-11e0-85bb-00197ec9d6b0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dllh_isv - (C:\Windows\system32\autovate.dll) -  File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C90C2798-5F91-4372-F2EA-F13CDCDF3A0E} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F66415F7-18CB-48CE-600D-0C39F846E69A} - Java (Sun)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.28 09:36:29 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\AppData\Roaming\Malwarebytes
[2011.07.28 09:36:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.28 09:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.28 09:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.28 09:36:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.28 09:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.27 17:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.07.27 16:28:08 | 000,134,656 | ---- | C] (Galilean Cauchy Aesop Bellamy) -- C:\Users\Kammerzofe\AppData\Roaming\jashla.exe
[2011.07.27 10:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011.07.26 21:37:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.07.26 21:37:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.07.26 21:36:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.07.21 13:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2011.07.21 13:38:57 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.07.21 13:38:57 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.07.21 13:38:57 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2011.07.21 13:38:57 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.07.09 18:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2011.07.09 18:49:15 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\AppData\Local\PC_Drivers_Headquarters
[2011.07.09 18:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy Driver Pro
[2011.07.09 18:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro
[2011.07.09 18:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Driver Pro
[2011.07.09 05:38:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.07.09 02:10:37 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\Documents\My Scans
[2011.07.09 02:08:49 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\AppData\Roaming\HP
[2011.07.09 01:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\zvprt50
[2011.07.09 01:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.07.09 01:52:58 | 000,188,416 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppafx07.dll
[2011.07.09 01:52:58 | 000,014,336 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxfax.sys
[2011.07.09 01:52:49 | 000,011,264 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxbulk.sys
[2011.07.09 01:52:48 | 000,188,416 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppcew07.dll
[2011.07.09 01:52:48 | 000,019,456 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxgen.sys
[2011.07.09 01:52:05 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011.07.08 15:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011.07.08 15:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011.07.08 15:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.07.08 15:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.07.08 14:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.07.08 14:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.06.30 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\Aushang Laden
[2007.07.14 18:06:01 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007.05.20 00:03:06 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.28 12:00:04 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.07.28 11:41:49 | 000,000,000 | ---- | M] () -- C:\Users\Kammerzofe\defogger_reenable
[2011.07.28 11:36:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.28 11:36:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.28 11:35:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.28 09:36:21 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.27 17:08:21 | 002,476,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.27 16:54:43 | 000,000,680 | ---- | M] () -- C:\Users\Kammerzofe\AppData\Local\d3d9caps.dat
[2011.07.27 16:28:08 | 000,134,656 | ---- | M] (Galilean Cauchy Aesop Bellamy) -- C:\Users\Kammerzofe\AppData\Roaming\jashla.exe
[2011.07.27 10:14:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.07.27 10:13:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.07.26 11:18:11 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.07.21 13:39:07 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.07.18 13:39:32 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.07.09 18:48:28 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\Easy Driver Pro.lnk
[2011.07.09 05:38:33 | 199,038,315 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.07.09 01:56:38 | 000,170,239 | ---- | M] () -- C:\Windows\hppins07.dat
[2011.07.09 01:56:12 | 000,000,608 | -HS- | M] () -- C:\Windows\System32\winzvprt5.sys
[2011.07.08 15:18:53 | 000,161,998 | ---- | M] () -- C:\Windows\hppins07.dat.temp
[2011.07.08 15:12:28 | 000,000,860 | ---- | M] () -- C:\Windows\hpntwksetup.ini
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.07.28 11:41:49 | 000,000,000 | ---- | C] () -- C:\Users\Kammerzofe\defogger_reenable
[2011.07.28 09:36:21 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.27 16:54:43 | 000,000,680 | ---- | C] () -- C:\Users\Kammerzofe\AppData\Local\d3d9caps.dat
[2011.07.27 10:14:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.07.27 10:13:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.07.26 11:18:11 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.07.26 11:18:11 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011.07.26 01:00:53 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011.07.26 01:00:50 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011.07.26 01:00:41 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011.07.26 01:00:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.26 01:00:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.26 01:00:36 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011.07.26 01:00:31 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011.07.26 01:00:16 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011.07.26 01:00:14 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011.07.26 00:58:45 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011.07.26 00:58:34 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011.07.21 13:39:07 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.07.09 18:48:28 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Easy Driver Pro.lnk
[2011.07.09 01:56:12 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011.07.09 01:52:55 | 000,000,685 | ---- | C] () -- C:\Windows\System32\hppapr07.dat
[2011.07.09 01:51:19 | 000,170,239 | ---- | C] () -- C:\Windows\hppins07.dat
[2011.07.08 16:13:05 | 000,161,998 | ---- | C] () -- C:\Windows\hppins07.dat.temp
[2011.07.08 16:13:05 | 000,000,838 | ---- | C] () -- C:\Windows\hppmdl07.dat.temp
[2011.07.08 14:56:36 | 000,000,860 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010.11.21 14:09:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.11.05 20:34:55 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010.11.05 20:34:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2010.08.09 22:43:33 | 000,000,054 | ---- | C] () -- C:\Windows\wininit.ini
[2010.05.21 23:01:58 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2010.05.14 23:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.05.14 23:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.05.14 23:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.05.14 23:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.02.18 17:31:37 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
[2010.02.03 17:19:48 | 000,000,023 | ---- | C] () -- C:\Windows\sign.ini
[2010.01.10 19:01:35 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini
[2010.01.10 18:55:22 | 000,000,032 | ---- | C] () -- C:\Windows\DVD_Start.INI
[2009.12.23 13:26:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.10.31 12:32:39 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009.10.31 12:30:45 | 000,000,248 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2009.10.31 12:30:44 | 000,000,305 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2009.10.31 12:14:03 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.09.12 04:05:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.01 09:09:11 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.06.23 15:53:13 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.16 04:00:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.05 16:46:44 | 000,000,887 | ---- | C] () -- C:\Windows\uninst.ini
[2008.06.20 11:54:36 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.06.20 11:54:36 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.06.19 02:03:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.06.18 13:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008.04.22 15:53:44 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.03.20 00:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Kammerzofe\AppData\Roaming\wklnhst.dat
[2008.03.03 20:29:25 | 000,000,039 | ---- | C] () -- C:\Windows\MB.ini
[2008.03.02 17:59:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.03.02 17:59:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.03.02 17:59:08 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.01 22:41:51 | 000,024,227 | ---- | C] () -- C:\Users\Kammerzofe\AppData\Roaming\UserTile.png
[2007.08.10 09:11:50 | 000,000,838 | ---- | C] () -- C:\Windows\hppmdl07.dat
[2007.07.15 03:08:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007.07.15 03:08:37 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007.07.14 18:06:01 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.05.20 02:52:39 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.20 00:03:07 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.05.19 15:34:47 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.05.19 15:34:47 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.05.19 15:28:31 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007.04.24 21:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2006.11.02 17:33:31 | 000,695,722 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,143,930 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 002,476,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,544 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.07.07 04:00:00 | 000,003,254 | ---- | C] () -- C:\Windows\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2009.10.31 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\BITS
[2010.12.27 23:02:38 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\DVDVideoSoft
[2010.11.06 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.13 21:40:34 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\elsterformular
[2011.03.28 21:49:14 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\FreeFLVConverter
[2009.01.16 22:25:34 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\gtk-2.0
[2008.03.13 13:57:12 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\Leadertech
[2009.10.31 12:32:10 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\MxBoost
[2009.06.30 00:46:16 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\Nseries
[2010.11.01 21:38:12 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\Scan2PDF
[2008.03.02 01:02:39 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\TuneUp Software
[2010.09.22 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\VTExtra
[2011.07.28 12:00:04 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.07.28 11:33:05 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.10.16 21:32:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.06.19 03:59:26 | 000,000,000 | ---D | M] -- C:\Acer
[2009.07.06 19:28:40 | 000,000,000 | R-SD | M] -- C:\assembly
[2007.05.19 15:16:04 | 000,000,000 | ---D | M] -- C:\Book
[2011.07.26 21:47:16 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.07.26 21:43:01 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.03.02 03:01:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.07.15 03:08:39 | 000,000,000 | ---D | M] -- C:\DRV
[2010.12.08 23:25:29 | 000,000,000 | ---D | M] -- C:\inetpub
[2007.05.19 15:22:27 | 000,000,000 | ---D | M] -- C:\Intel
[2010.09.17 21:56:17 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.28 09:36:15 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.07.28 09:36:19 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.03.02 03:01:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.06.05 19:22:54 | 000,000,000 | ---D | M] -- C:\Programs
[2010.02.21 18:04:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.28 00:26:54 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.27 16:31:30 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.03.02 13:30:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.03.02 13:30:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.19 00:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 00:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-27 08:08:49
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:9BE5E7E968552934

< End of report >
--- --- ---

Antoniaa 28.07.2011 12:33
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 28.07.2011 12:00:27 - Run 1
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Kammerzofe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 57,11% Memory free
3,23 Gb Paging File | 2,40 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32,51 Gb Total Space | 5,80 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive D: | 32,26 Gb Total Space | 17,06 Gb Free Space | 52,89% Space Free | Partition Type: NTFS
 
Computer Name: KAMMERZOFE-PC | User Name: Kammerzofe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3047791-560114429-293112349-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E7F6BD83-2DCD-4E65-9BB7-5DAD8FA7B4AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F41EB903-5DC5-4002-87CF-465E6BBFB392}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16CEBE1B-2B09-464A-8B23-60E7C6182B29}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{25AD7D82-0B6A-46B5-BDF8-0352CC888B3A}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{65F84B02-039F-4BBF-B7D6-410731CA4C12}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B352EBAE-0C74-4634-B77A-24F3E1D7407D}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{D724BA40-D83D-4B8C-A997-BC4240CB719F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{09C9CAB4-A245-4F93-AB61-8CA89B920DA8}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"TCP Query User{3E349BD8-56EC-4CA6-B696-0CDB1BB93F28}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"TCP Query User{420226E3-0219-42EE-B05F-B9276557FF0C}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{089B86E5-21BB-4D4A-954F-47CC328FB061}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"UDP Query User{8A37B3A4-F2F1-47D6-9908-541FE353A99E}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CDA14BF-6D0A-44E2-A970-ED43CDDCC495}" = hppLJM2727
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4CD3D573-2176-44AA-B85C-6E2FFD3F8015}" = hppFaxUtility
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5672A10E-1B21-4C2F-85D3-3542D0BC8246}" = hppscanM2727
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C0B860-F0D4-4F87-9855-361183AE1F6F}" = hppSendFax
"{5D5D5856-A0DB-4C62-89C4-D3270A38A701}" = hppFaxDrvM2727
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DC5A033-23DA-4083-B9E2-ED0EC78E2ED9}" = hppManualsM2727
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A964774D-6D5A-4925-AA9A-A45329C90EEA}" = hpzTLBXFX
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B00690AD-B4F5-4730-9110-5C495B89E647}" = Scan
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BF107E4C-C9AC-4B89-847D-900597E0B0B4}" = hppScanTo
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4C5CF89-51BC-4B2B-9057-EA2D24B56148}" = hppIOFiles
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{E51BD3A9-BEF0-40DA-8718-C37AF53EF877}" = hppTLBXFXM2727
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced PDF-to-Word 1.0 Demo" = Advanced PDF-to-Word 1.0 Demo
"Argente - Registry Cleaner_is1" = Argente - Registry Cleaner 1.5.5.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular für Unternehmer 12.1.1.6214u" = ElsterFormular für Unternehmer
"ESET Online Scanner" = ESET Online Scanner v3
"Free Studio_is1" = Free Studio version 4.9.13
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.1.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet M2727" = HP LaserJet M2727 MFP Series 1.0
"JDownloader" = JDownloader
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Mozilla Firefox 4.0b6 (x86 de)" = Mozilla Firefox 4.0b6 (x86 de)
"Scan2PDF_is1" = Scan2PDF 1.6
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.01.2010 21:12:14 | Computer Name = Kammerzofe-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PCSuite.exe, Version 7.1.55.0, Zeitstempel 0x4afa7c7d,
 fehlerhaftes Modul ole32.dll, Version 6.0.6001.22247, Zeitstempel 0x48ab8fcc, Ausnahmecode
 0xc0000005, Fehleroffset 0x00038962,  Prozess-ID 0x142c, Anwendungsstartzeit 01caa1f76d2ba3dd.
 
Error - 30.01.2010 22:16:41 | Computer Name = Kammerzofe-PC | Source = Application Hang | ID = 1002
Description = Programm NokiaOviSuite.exe, Version 2.0.2.42 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 474  Anfangszeit: 01caa21acce5f686  Zeitpunkt
 der Beendigung: 47
 
Error - 30.01.2010 22:54:03 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3002
Description =
 
Error - 30.01.2010 22:56:14 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3002
Description =
 
Error - 30.01.2010 22:56:36 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 30.01.2010 22:56:36 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 30.01.2010 22:56:36 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3011
Description =
 
Error - 30.01.2010 22:57:32 | Computer Name = Kammerzofe-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =
 
Error - 30.01.2010 22:57:51 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3002
Description =
 
Error - 30.01.2010 23:14:34 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3002
Description =
 
[ Media Center Events ]
Error - 08.03.2008 10:05:33 | Computer Name = Kammerzofe-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 21.06.2008 06:00:36 | Computer Name = Kammerzofe-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 27.09.2010 03:54:45 | Computer Name = Kammerzofe-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 27.07.2011 11:07:53 | Computer Name = Kammerzofe-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.07.2011 11:07:53 | Computer Name = Kammerzofe-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.07.2011 11:13:40 | Computer Name = Kammerzofe-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 28.07.2011 03:31:55 | Computer Name = Kammerzofe-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.07.2011 um 03:04:14 unerwartet heruntergefahren.
 
Error - 28.07.2011 03:32:02 | Computer Name = KAMMERZOFE-PC | Source = APPHOSTSVC | ID = 9010
Description =
 
Error - 28.07.2011 03:32:10 | Computer Name = KAMMERZOFE-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.07.2011 03:32:10 | Computer Name = KAMMERZOFE-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.07.2011 05:35:41 | Computer Name = Kammerzofe-PC | Source = APPHOSTSVC | ID = 9010
Description =
 
Error - 28.07.2011 05:35:51 | Computer Name = Kammerzofe-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.07.2011 05:35:51 | Computer Name = Kammerzofe-PC | Source = Service Control Manager | ID = 7000
Description =
 
[ TuneUp Events ]
Error - 26.08.2010 19:07:36 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:07:36', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','588',0)
 
Error - 26.08.2010 19:23:24 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:23:24', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbamgui.exe','2524',0)
 
Error - 26.08.2010 19:23:34 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:23:34', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2808',0)
 
Error - 26.08.2010 19:24:34 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:24:34', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','3764',0)
 
Error - 26.08.2010 19:25:29 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:25:29', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2544',0)
 
Error - 26.08.2010 19:43:11 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:43:11', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','3428',0)
 
Error - 28.08.2010 04:21:45 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-28 10:21:45', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2728',0)
 
Error - 28.08.2010 10:45:15 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-28 16:45:15', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2772',0)
 
Error - 11.09.2010 07:38:44 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-11 13:38:44', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','1260',0)
 
Error - 12.09.2010 04:32:23 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-12 10:32:22', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\unins000.exe','1140',0)
 
 
< End of report >
--- --- ---

Antoniaa 28.07.2011 12:34
so und von "gmer"
GMER Logfile:
Code:
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-28 13:20:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL25
Running: wdjcb25o.exe; Driver: C:\Users\KAMMER~1\AppData\Local\Temp\kwldiaod.sys


---- System - GMER 1.0.15 ----

SSDT                                                                                                                                  8CC3031C                                  ZwCreateThread
SSDT                                                                                                                                  8CC30308                                  ZwOpenProcess
SSDT                                                                                                                                  8CC3030D                                  ZwOpenThread
SSDT                                                                                                                                  8CC30317                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                ntkrnlpa.exe!KeSetEvent + 221            824E29A4 4 Bytes  [1C, 03, C3, 8C]
.text                                                                                                                                ntkrnlpa.exe!KeSetEvent + 3F1            824E2B74 4 Bytes  [08, 03, C3, 8C]
.text                                                                                                                                ntkrnlpa.exe!KeSetEvent + 40D            824E2B90 4 Bytes  [0D, 03, C3, 8C]
.text                                                                                                                                ntkrnlpa.exe!KeSetEvent + 621            824E2DA4 4 Bytes  [17, 03, C3, 8C]
.text                                                                                                                                C:\Windows\system32\drivers\hardlock.sys  section is writeable [0x9DA08400, 0x82482, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9DAA8420]  C:\Windows\system32\drivers\hardlock.sys  entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9DAA8420]
.protectÿÿÿÿhardlockunknown last code section [0x9DAA8200, 0x5105, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys  unknown last code section [0x9DAA8200, 0x5105, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---

cosinus 28.07.2011 14:04
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.


Zitat:
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Antoniaa 28.07.2011 14:14
Hi Cosinus,
erstmal danke für deine Hilfe.
Bei malwarebytes gibt es noch eine "Protection Log", meinst du diese Datei mit "weiteren Logs"?
Nein ich habe die Funde noch nicht gelöscht,wollte erstmal deine Antwort abwarten.
Das heißt, ich muss Malwarebytes nochmal durchlaufen lassen,und dann die Funde entfernen,oder? Genügt dann auch ein "Quickscan" oder muss ich den "vollständigen scan" durchlaufen lassen.

Sorry für meine Unwissendheit,aber ich hab echt kein Plan von der Materie.

Antoniaa 28.07.2011 14:18
Ok hab die Funde jetzt gelöscht.

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7307

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.07.2011 15:16:32
mbam-log-2011-07-28 (15-16-32).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140743
Laufzeit: 7 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\kammerzofe\AppData\Roaming\jashla.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kammerzofe\AppData\Local\Temp\jar_cache52817.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.

cosinus 28.07.2011 14:44
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL

O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\Shell - "" = AutoRun
O33 - MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\Shell\AutoRun\command - "" = H:\xjb3.exe
O33 - MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\Shell\open\Command - "" = H:\xjb3.exe
O33 - MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\Shell - "" = AutoRun
O33 - MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\Shell - "" = AutoRun
O33 - MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e1c9b3f9-01cb-11e0-85bb-00197ec9d6b0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
@Alternate Data Stream - 72 bytes -> C:\Windows:9BE5E7E968552934
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Antoniaa 28.07.2011 15:01
So hab ich gemacht.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031649af-5ec4-11e0-a91e-001b38221bbf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031649af-5ec4-11e0-a91e-001b38221bbf}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13238157-cec1-11df-81dc-001e101fef43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13238157-cec1-11df-81dc-001e101fef43}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13238162-cec1-11df-81dc-001e101f50a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13238162-cec1-11df-81dc-001e101f50a4}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c004684-bcb3-11df-907f-001e101fabdd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c004684-bcb3-11df-907f-001e101fabdd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36831a4f-4a9b-11df-bc36-001e101fb4df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36831a4f-4a9b-11df-bc36-001e101fb4df}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f2c985b-49e1-11df-a9c4-001e101f3315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f2c985b-49e1-11df-a9c4-001e101f3315}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{694aa061-664f-11df-8a4b-001e101f21c1}\ not found.
File H:\xjb3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{694aa061-664f-11df-8a4b-001e101f21c1}\ not found.
File H:\xjb3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{854ea5fb-487d-11df-a20e-001e101f63cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{854ea5fb-487d-11df-a20e-001e101f63cf}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{854ea61c-487d-11df-a20e-001e101f82a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{854ea61c-487d-11df-a20e-001e101f82a0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dff6255-b364-11e0-8be1-001b38221bbf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dff6255-b364-11e0-8be1-001b38221bbf}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dff625b-b364-11e0-8be1-001e101f8924}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dff625b-b364-11e0-8be1-001e101f8924}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b365215d-e5ec-11df-864f-001e101f2b52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b365215d-e5ec-11df-864f-001e101f2b52}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7afef9-90a5-11df-864a-001b38221bbf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7afef9-90a5-11df-864a-001b38221bbf}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7aff06-90a5-11df-864a-001e101f79c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7aff06-90a5-11df-864a-001e101f79c9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8dc906d-d46f-11df-bafd-001e101f21c1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8dc906d-d46f-11df-bafd-001e101f21c1}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc1759bc-916e-11df-bf68-001e101f1f81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc1759bc-916e-11df-bf68-001e101f1f81}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1c9b3f9-01cb-11e0-85bb-00197ec9d6b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1c9b3f9-01cb-11e0-85bb-00197ec9d6b0}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
ADS C:\Windows:9BE5E7E968552934 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07282011_155307

cosinus 28.07.2011 15:18
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Antoniaa 28.07.2011 15:36
Ok hab ich so gemacht wie beschrieben.

Hier der report:

2011/07/28 16:32:15.0635 3456 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/28 16:32:17.0218 3456 ================================================================================
2011/07/28 16:32:17.0218 3456 SystemInfo:
2011/07/28 16:32:17.0218 3456
2011/07/28 16:32:17.0218 3456 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/28 16:32:17.0218 3456 Product type: Workstation
2011/07/28 16:32:17.0219 3456 ComputerName: *********-PC
2011/07/28 16:32:17.0219 3456 UserName: **********
2011/07/28 16:32:17.0219 3456 Windows directory: C:\Windows
2011/07/28 16:32:17.0219 3456 System windows directory: C:\Windows
2011/07/28 16:32:17.0219 3456 Processor architecture: Intel x86
2011/07/28 16:32:17.0219 3456 Number of processors: 1
2011/07/28 16:32:17.0219 3456 Page size: 0x1000
2011/07/28 16:32:17.0219 3456 Boot type: Normal boot
2011/07/28 16:32:17.0219 3456 ================================================================================
2011/07/28 16:32:18.0468 3456 Initialize success
2011/07/28 16:32:40.0096 1820 ================================================================================
2011/07/28 16:32:40.0096 1820 Scan started
2011/07/28 16:32:40.0096 1820 Mode: Manual;
2011/07/28 16:32:40.0096 1820 ================================================================================
2011/07/28 16:32:41.0913 1820 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/28 16:32:42.0572 1820 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/28 16:32:42.0999 1820 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/28 16:32:43.0467 1820 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/28 16:32:43.0684 1820 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/28 16:32:44.0004 1820 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/28 16:32:44.0460 1820 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/07/28 16:32:44.0681 1820 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/28 16:32:44.0844 1820 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/07/28 16:32:45.0139 1820 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/07/28 16:32:45.0590 1820 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/07/28 16:32:46.0003 1820 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/28 16:32:46.0334 1820 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/07/28 16:32:46.0719 1820 ApfiltrService (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/28 16:32:47.0178 1820 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/28 16:32:47.0453 1820 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/28 16:32:47.0996 1820 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/28 16:32:48.0300 1820 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/28 16:32:48.0607 1820 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/28 16:32:48.0976 1820 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/28 16:32:49.0419 1820 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/28 16:32:49.0747 1820 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/28 16:32:50.0174 1820 BCM43XX (1c29299baf836f213ae5ee6eb9014a9a) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/28 16:32:50.0460 1820 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/28 16:32:50.0918 1820 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/28 16:32:51.0231 1820 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/28 16:32:51.0672 1820 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/28 16:32:51.0990 1820 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2011/07/28 16:32:52.0011 1820 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2011/07/28 16:32:52.0442 1820 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/28 16:32:52.0906 1820 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/28 16:32:53.0227 1820 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/28 16:32:53.0541 1820 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/28 16:32:53.0887 1820 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/28 16:32:54.0435 1820 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/28 16:32:54.0803 1820 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/28 16:32:55.0156 1820 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/28 16:32:55.0474 1820 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/28 16:32:55.0971 1820 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/28 16:32:56.0418 1820 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/07/28 16:32:56.0953 1820 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/28 16:32:57.0154 1820 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/07/28 16:32:57.0504 1820 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/28 16:32:57.0969 1820 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/28 16:32:58.0201 1820 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/28 16:32:58.0400 1820 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/28 16:32:59.0022 1820 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/28 16:32:59.0331 1820 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/28 16:32:59.0939 1820 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/28 16:33:00.0680 1820 DTVFW (2b76bb072234efcc4c495a05e384af49) C:\Windows\system32\DRIVERS\dtvfw.sys
2011/07/28 16:33:01.0148 1820 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/28 16:33:01.0618 1820 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/28 16:33:02.0022 1820 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/28 16:33:02.0539 1820 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/28 16:33:02.0757 1820 EMSCR (fc37a2212b56663bbabef748266a58c7) C:\Windows\system32\DRIVERS\EMS7SK.sys
2011/07/28 16:33:02.0815 1820 ESDCR (a498240d0e1f0b27702e3df77b0c6e56) C:\Windows\system32\DRIVERS\ESD7SK.sys
2011/07/28 16:33:03.0059 1820 ESMCR (ce6e1032802ee415955721a208a86718) C:\Windows\system32\DRIVERS\ESM7SK.sys
2011/07/28 16:33:03.0502 1820 ewusbnet (1fc8c55255d197aa3a423624786d090c) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/07/28 16:33:03.0719 1820 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/28 16:33:04.0117 1820 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/28 16:33:04.0484 1820 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/28 16:33:04.0849 1820 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/28 16:33:05.0138 1820 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/28 16:33:05.0368 1820 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/28 16:33:05.0469 1820 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/28 16:33:05.0725 1820 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/28 16:33:05.0983 1820 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/28 16:33:06.0281 1820 Hardlock (ed32d389f8b0e74e400932e020bcfbdf) C:\Windows\system32\drivers\hardlock.sys
2011/07/28 16:33:06.0739 1820 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/28 16:33:07.0056 1820 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/28 16:33:07.0485 1820 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/28 16:33:08.0201 1820 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/28 16:33:08.0623 1820 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/28 16:33:08.0955 1820 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/28 16:33:09.0225 1820 HPFXBULK (d63b7f6b2b992c0b566f44efde620b5d) C:\Windows\system32\drivers\hpfxbulk.sys
2011/07/28 16:33:09.0442 1820 HPFXFAX (2bdff04d7d9a3cf07d9417cd366756e1) C:\Windows\system32\drivers\hpfxfax.sys
2011/07/28 16:33:10.0102 1820 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/28 16:33:10.0332 1820 HSF_DPV (347385d69c15e3d045aa1cb46e4cb86d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/07/28 16:33:10.0535 1820 HSXHWAZL (919337d853703267da203e79a0ac1f2b) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/07/28 16:33:10.0810 1820 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/28 16:33:13.0264 1820 hwdatacard (0515065a3c7e8869dd01253e987c5bd1) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/07/28 16:33:13.0409 1820 hwusbdev (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys
2011/07/28 16:33:14.0228 1820 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/28 16:33:14.0351 1820 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/28 16:33:15.0329 1820 ialm (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/28 16:33:17.0306 1820 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/28 16:33:17.0623 1820 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/28 16:33:18.0729 1820 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/28 16:33:18.0939 1820 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/28 16:33:19.0061 1820 IntcAzAudAddService (389f5d4859f4300d52ead838f1a17131) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/28 16:33:19.0251 1820 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/28 16:33:19.0291 1820 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/28 16:33:19.0350 1820 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/28 16:33:20.0000 1820 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/28 16:33:20.0441 1820 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/28 16:33:20.0777 1820 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/28 16:33:21.0093 1820 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/07/28 16:33:21.0428 1820 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/28 16:33:21.0691 1820 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/28 16:33:21.0937 1820 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/28 16:33:22.0306 1820 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/28 16:33:22.0988 1820 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/07/28 16:33:23.0374 1820 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/28 16:33:23.0703 1820 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/28 16:33:23.0923 1820 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/28 16:33:24.0299 1820 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/28 16:33:24.0703 1820 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/28 16:33:25.0013 1820 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/28 16:33:25.0260 1820 lvpopflt (af280405c10f0d20f37670b7432e5c2f) C:\Windows\system32\DRIVERS\lvpopflt.sys
2011/07/28 16:33:25.0411 1820 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/07/28 16:33:25.0691 1820 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\Windows\system32\DRIVERS\lvrs.sys
2011/07/28 16:33:27.0749 1820 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/07/28 16:33:28.0515 1820 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/07/28 16:33:29.0012 1820 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/28 16:33:29.0249 1820 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/28 16:33:29.0394 1820 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/28 16:33:29.0623 1820 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/28 16:33:30.0302 1820 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/28 16:33:30.0650 1820 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/28 16:33:30.0959 1820 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/28 16:33:31.0114 1820 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/28 16:33:31.0269 1820 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/28 16:33:31.0652 1820 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/28 16:33:32.0002 1820 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/28 16:33:32.0245 1820 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/28 16:33:32.0433 1820 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/28 16:33:32.0552 1820 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/28 16:33:32.0820 1820 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/28 16:33:32.0920 1820 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/07/28 16:33:33.0189 1820 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/28 16:33:33.0430 1820 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/28 16:33:33.0696 1820 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/28 16:33:34.0070 1820 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/28 16:33:34.0554 1820 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/28 16:33:34.0835 1820 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/28 16:33:34.0961 1820 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/28 16:33:35.0641 1820 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/28 16:33:35.0796 1820 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/28 16:33:35.0918 1820 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/28 16:33:36.0285 1820 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/28 16:33:36.0696 1820 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/28 16:33:37.0005 1820 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/28 16:33:37.0191 1820 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/28 16:33:37.0307 1820 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/28 16:33:37.0777 1820 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/28 16:33:38.0142 1820 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/28 16:33:38.0527 1820 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/28 16:33:39.0035 1820 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/07/28 16:33:39.0964 1820 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/07/28 16:33:40.0360 1820 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/28 16:33:40.0768 1820 nmwcd (357ddb51e03cae598c096d95497373d0) C:\Windows\system32\drivers\ccdcmb.sys
2011/07/28 16:33:41.0034 1820 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\Windows\system32\drivers\ccdcmbo.sys
2011/07/28 16:33:41.0581 1820 nmwcdnsu (02120406f27f5895dfce4c640e6ee237) C:\Windows\system32\drivers\nmwcdnsu.sys
2011/07/28 16:33:41.0899 1820 nmwcdnsuc (9c5de8b7cf5680307bbdf512c9258ecc) C:\Windows\system32\drivers\nmwcdnsuc.sys
2011/07/28 16:33:42.0111 1820 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/28 16:33:42.0505 1820 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/28 16:33:43.0191 1820 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/28 16:33:43.0608 1820 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/07/28 16:33:44.0024 1820 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/28 16:33:44.0411 1820 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/28 16:33:44.0796 1820 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/28 16:33:45.0049 1820 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/07/28 16:33:45.0425 1820 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/07/28 16:33:45.0760 1820 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/07/28 16:33:46.0076 1820 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/28 16:33:46.0389 1820 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/28 16:33:46.0805 1820 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/28 16:33:47.0025 1820 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/28 16:33:47.0337 1820 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/07/28 16:33:47.0826 1820 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/28 16:33:48.0541 1820 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/28 16:33:48.0916 1820 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/28 16:33:48.0972 1820 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/28 16:33:49.0218 1820 PRODIGY (65937a34c9a5741e3030a86905400d91) C:\Windows\system32\Drivers\PRODIGY.SYS
2011/07/28 16:33:49.0537 1820 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/28 16:33:50.0029 1820 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/28 16:33:50.0260 1820 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/28 16:33:50.0472 1820 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/28 16:33:50.0589 1820 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/28 16:33:50.0858 1820 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/28 16:33:51.0070 1820 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/28 16:33:51.0214 1820 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/28 16:33:51.0589 1820 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/28 16:33:51.0896 1820 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/28 16:33:52.0211 1820 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/07/28 16:33:52.0529 1820 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/28 16:33:52.0868 1820 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/28 16:33:53.0145 1820 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/28 16:33:53.0213 1820 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/28 16:33:53.0561 1820 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/28 16:33:53.0795 1820 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/28 16:33:54.0300 1820 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/28 16:33:54.0539 1820 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/28 16:33:54.0789 1820 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/28 16:33:55.0182 1820 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/07/28 16:33:55.0584 1820 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/28 16:33:55.0843 1820 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/28 16:33:55.0889 1820 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/28 16:33:56.0089 1820 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/07/28 16:33:56.0387 1820 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/28 16:33:56.0597 1820 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/28 16:33:56.0757 1820 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/28 16:33:57.0104 1820 SNP2UVC (53d1e2ecbf26b313ffdd2b8ba3d2f66e) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/07/28 16:33:57.0359 1820 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/28 16:33:57.0775 1820 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/28 16:33:58.0141 1820 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/28 16:33:58.0369 1820 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/28 16:33:58.0437 1820 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/28 16:33:58.0638 1820 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/28 16:33:58.0709 1820 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/28 16:33:58.0897 1820 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/28 16:33:58.0952 1820 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/28 16:33:59.0284 1820 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/28 16:33:59.0802 1820 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/28 16:34:00.0194 1820 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/28 16:34:00.0594 1820 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/28 16:34:00.0983 1820 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/28 16:34:01.0320 1820 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/28 16:34:01.0670 1820 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/28 16:34:02.0034 1820 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/28 16:34:02.0483 1820 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/28 16:34:02.0872 1820 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/28 16:34:03.0180 1820 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/28 16:34:03.0348 1820 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/28 16:34:03.0451 1820 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/28 16:34:03.0570 1820 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/28 16:34:03.0621 1820 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/28 16:34:03.0708 1820 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/28 16:34:03.0845 1820 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/28 16:34:03.0949 1820 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2011/07/28 16:34:04.0107 1820 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/28 16:34:04.0212 1820 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/28 16:34:04.0351 1820 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/28 16:34:04.0445 1820 usbdtv (b74f53feda52ccab5394f5ee9903eba5) C:\Windows\system32\Drivers\usbdtv.sys
2011/07/28 16:34:04.0577 1820 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/28 16:34:04.0664 1820 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/28 16:34:04.0768 1820 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/28 16:34:04.0928 1820 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/28 16:34:05.0045 1820 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/28 16:34:05.0183 1820 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
2011/07/28 16:34:05.0258 1820 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2011/07/28 16:34:05.0385 1820 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/28 16:34:05.0463 1820 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/28 16:34:05.0522 1820 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/28 16:34:05.0704 1820 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/28 16:34:05.0768 1820 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/28 16:34:05.0925 1820 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/07/28 16:34:05.0968 1820 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/28 16:34:06.0006 1820 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/07/28 16:34:06.0166 1820 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/28 16:34:06.0222 1820 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/28 16:34:06.0360 1820 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/28 16:34:06.0443 1820 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/28 16:34:06.0633 1820 w800bus (b8c182df79ac8938311ac8e193d52762) C:\Windows\system32\DRIVERS\w800bus.sys
2011/07/28 16:34:06.0781 1820 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/28 16:34:06.0934 1820 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/28 16:34:06.0951 1820 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/28 16:34:07.0046 1820 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/28 16:34:07.0186 1820 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/28 16:34:07.0344 1820 winachsf (3344b5c3209e538291398ff12f895155) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/28 16:34:07.0523 1820 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/28 16:34:07.0667 1820 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/28 16:34:07.0775 1820 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/28 16:34:07.0932 1820 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/28 16:34:08.0041 1820 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys
2011/07/28 16:34:08.0448 1820 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
2011/07/28 16:34:08.0571 1820 Boot (0x1200) (2854e8da9015565f54ca635123957dae) \Device\Harddisk0\DR0\Partition0
2011/07/28 16:34:08.0604 1820 Boot (0x1200) (31261da0ccb078e0412b3fd6298f5e9e) \Device\Harddisk0\DR0\Partition1
2011/07/28 16:34:08.0617 1820 ================================================================================
2011/07/28 16:34:08.0617 1820 Scan finished
2011/07/28 16:34:08.0617 1820 ================================================================================
2011/07/28 16:34:08.0626 1608 Detected object count: 0
2011/07/28 16:34:08.0626 1608 Actual detected object count: 0

cosinus 28.07.2011 15:40
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Antoniaa 28.07.2011 16:12
Hab jetzt Combofix ausgeführt. Ich hoff, ich hab bis jetzt alles richtig gemacht?
Combofix Logfile:
Code:
ComboFix 11-07-28.02 - *********** 28.07.2011  16:45:46.1.1 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1525.910 [GMT 2:00]
ausgeführt von:: c:\users\***********\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\Temp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-06-28 bis 2011-07-28  ))))))))))))))))))))))))))))))
.
.
2011-07-28 14:55 . 2011-07-28 14:56        --------        d-----w-        c:\users\********\AppData\Local\temp
2011-07-28 14:43 . 2011-07-28 14:43        --------        d-----w-        C:\32788R22FWJFW
2011-07-28 13:53 . 2011-07-28 13:53        --------        d-----w-        C:\_OTL
2011-07-28 07:36 . 2011-07-28 07:36        --------        d-----w-        c:\users\*********\AppData\Roaming\Malwarebytes
2011-07-28 07:36 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 07:36 . 2011-07-28 07:36        --------        d-----w-        c:\programdata\Malwarebytes
2011-07-28 07:36 . 2011-07-28 07:36        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-07-28 07:36 . 2011-07-06 17:52        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\program files\ESET
2011-07-27 08:15 . 2011-07-27 08:15        --------        d-----w-        c:\program files\Windows Portable Devices
2011-07-27 08:06 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll
2011-07-27 08:06 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll
2011-07-27 08:06 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll
2011-07-27 08:05 . 2009-09-25 01:33        369664        ----a-w-        c:\windows\system32\WMPhoto.dll
2011-07-27 08:05 . 2009-09-25 02:10        974848        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2011-07-27 08:05 . 2009-09-25 02:07        189440        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2011-07-27 08:05 . 2009-09-25 02:04        321024        ----a-w-        c:\windows\system32\PhotoMetadataHandler.dll
2011-07-27 08:05 . 2009-09-25 01:33        195584        ----a-w-        c:\windows\system32\dxdiagn.dll
2011-07-27 08:05 . 2009-09-25 01:32        252928        ----a-w-        c:\windows\system32\dxdiag.exe
2011-07-27 08:05 . 2009-09-25 01:31        519680        ----a-w-        c:\windows\system32\d3d11.dll
2011-07-27 08:03 . 2009-10-01 01:02        30208        ----a-w-        c:\windows\system32\WPDShextAutoplay.exe
2011-07-27 08:03 . 2009-10-01 01:02        31232        ----a-w-        c:\windows\system32\BthMtpContextHandler.dll
2011-07-27 08:03 . 2009-10-01 01:01        81920        ----a-w-        c:\windows\system32\wpdbusenum.dll
2011-07-27 07:58 . 2009-10-08 21:07        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-07-27 07:58 . 2009-10-08 21:08        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2011-07-27 07:58 . 2009-10-08 21:08        234496        ----a-w-        c:\windows\system32\oleacc.dll
2011-07-27 07:39 . 2011-01-20 14:12        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-07-27 07:39 . 2011-01-20 16:08        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-07-27 07:39 . 2011-01-20 13:47        683008        ----a-w-        c:\windows\system32\d2d1.dll
2011-07-27 07:39 . 2011-01-20 16:08        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2011-07-27 07:39 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-07-27 07:39 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-07-27 07:39 . 2011-01-20 14:11        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-07-27 07:39 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-07-27 07:39 . 2011-01-20 16:08        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-07-27 07:39 . 2011-01-20 16:08        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2011-07-27 07:39 . 2011-01-20 14:28        1554432        ----a-w-        c:\windows\system32\xpsservices.dll
2011-07-27 07:39 . 2011-01-20 14:25        847360        ----a-w-        c:\windows\system32\OpcServices.dll
2011-07-27 07:36 . 2010-05-04 19:13        231424        ----a-w-        c:\windows\system32\msshsq.dll
2011-07-26 19:37 . 2011-07-26 19:38        --------        d-----w-        c:\windows\system32\ca-ES
2011-07-26 19:37 . 2011-07-26 19:38        --------        d-----w-        c:\windows\system32\eu-ES
2011-07-26 19:36 . 2011-07-26 19:38        --------        d-----w-        c:\windows\system32\vi-VN
2011-07-26 08:13 . 2011-07-13 03:39        6881616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{90D38BB2-A4B0-47FA-938C-970A11A99865}\mpengine.dll
2011-07-25 23:00 . 2009-04-11 06:28        1589248        ----a-w-        c:\windows\system32\msjet40.dll
2011-07-25 22:59 . 2009-04-11 06:32        161752        ----a-w-        c:\windows\system32\drivers\msrpc.sys
2011-07-25 22:58 . 2009-04-11 06:28        140288        ----a-w-        c:\windows\system32\wpcsvc.dll
2011-07-25 22:57 . 2009-04-11 06:28        705536        ----a-w-        c:\windows\system32\SmiEngine.dll
2011-07-25 22:57 . 2009-04-11 06:28        218624        ----a-w-        c:\windows\system32\wdscore.dll
2011-07-25 22:57 . 2009-04-11 06:27        130560        ----a-w-        c:\windows\system32\PkgMgr.exe
2011-07-25 22:57 . 2009-04-11 06:28        247808        ----a-w-        c:\windows\system32\drvstore.dll
2011-07-25 22:54 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-07-25 22:54 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-07-21 11:38 . 2009-10-20 16:47        112640        ----a-w-        c:\windows\system32\drivers\ewusbnet.sys
2011-07-21 11:38 . 2009-10-12 13:22        101120        ----a-w-        c:\windows\system32\drivers\ewusbdev.sys
2011-07-21 11:38 . 2009-09-10 12:55        102912        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys
2011-07-21 11:38 . 2007-08-09 02:06        23424        ----a-w-        c:\windows\system32\drivers\ewdcsc.sys
2011-07-16 08:30 . 2011-05-02 12:00        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-07-16 08:29 . 2011-05-02 17:19        766464        ----a-w-        c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-07-16 08:29 . 2011-04-29 13:24        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-07-16 08:29 . 2011-04-29 13:24        79872        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-07-16 08:29 . 2011-04-29 13:24        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-07-16 08:27 . 2011-04-20 15:55        375808        ----a-w-        c:\windows\system32\winsrv.dll
2011-07-16 08:27 . 2011-04-20 15:50        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2011-07-16 08:25 . 2011-05-02 17:16        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-07-16 08:24 . 2011-04-29 15:59        276992        ----a-w-        c:\windows\system32\schannel.dll
2011-07-09 16:49 . 2011-07-09 16:49        --------        d-----w-        c:\programdata\UAB
2011-07-09 16:49 . 2011-07-09 16:49        --------        d-----w-        c:\users\**********\AppData\Local\PC_Drivers_Headquarters
2011-07-09 16:49 . 2011-07-09 16:49        --------        d-----w-        c:\programdata\Easy Driver Pro
2011-07-09 16:48 . 2011-07-09 16:48        --------        d-----w-        c:\program files\Easy Driver Pro
2011-07-09 16:34 . 2008-01-18 22:34        89600        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-07-09 00:08 . 2011-07-09 00:08        --------        d-----w-        c:\users\***********\AppData\Roaming\HP
2011-07-08 23:56 . 2011-07-08 23:56        --------        d-----w-        c:\programdata\zvprt50
2011-07-08 23:56 . 2011-07-08 23:56        608        --sha-w-        c:\windows\system32\winzvprt5.sys
2011-07-08 23:56 . 2007-04-02 06:19        9451        ------w-        c:\windows\system32\hppfaxprintermonui5.dll
2011-07-08 23:56 . 2007-04-02 06:19        13385        ------w-        c:\windows\system32\hppfaxprintermon5.dll
2011-07-08 23:54 . 2007-05-17 19:31        241664        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\hpzpp072.DLL
2011-07-08 23:52 . 2007-08-10 07:11        188416        ----a-w-        c:\windows\system32\hppafx07.dll
2011-07-08 23:52 . 2007-08-10 07:11        14336        ----a-w-        c:\windows\system32\drivers\hpfxfax.sys
2011-07-08 23:52 . 2007-08-10 07:11        876544        ----a-w-        c:\windows\system32\hpxp2727.dll
2011-07-08 23:52 . 2007-08-10 07:11        767488        ----a-w-        c:\windows\system32\hpptsp02.dll
2011-07-08 23:52 . 2007-08-10 07:11        450560        ----a-w-        c:\windows\system32\hppasc07.dll
2011-07-08 23:52 . 2007-08-10 07:11        327680        ----a-w-        c:\windows\system32\hppcpr07.dll
2011-07-08 23:52 . 2007-08-10 07:11        11264        ----a-w-        c:\windows\system32\drivers\hpfxbulk.sys
2011-07-08 23:52 . 2007-08-10 07:11        188416        ----a-w-        c:\windows\system32\hppcew07.dll
2011-07-08 23:52 . 2007-08-10 07:11        19456        ----a-w-        c:\windows\system32\drivers\hpfxgen.sys
2011-07-08 13:18 . 2011-07-08 13:18        --------        d-----w-        c:\program files\Common Files\HP
2011-07-08 13:18 . 2011-07-08 13:18        --------        d-----w-        c:\program files\Common Files\Hewlett-Packard
2011-07-08 13:18 . 2011-07-08 13:18        --------        d-----w-        c:\program files\Hewlett-Packard
2011-07-08 13:10 . 2011-07-09 00:08        --------        d-----w-        c:\programdata\Hewlett-Packard
2011-07-08 13:10 . 2008-03-03 17:18        241664        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mg.DLL
2011-07-08 12:56 . 2007-07-17 03:29        59928        ----a-w-        c:\windows\system32\fxcompchannel.dll
2011-07-08 12:56 . 2011-07-08 23:56        --------        d-----w-        c:\program files\HP
2011-07-08 12:53 . 2011-07-08 13:18        --------        d-----w-        c:\programdata\HP
2011-07-08 12:53 . 2007-07-16 21:29        59928        ----a-w-        c:\windows\system32\fxfaxchannel.dll
2011-06-30 18:26 . 2011-06-30 18:27        --------        d-----w-        c:\users\**********\Aushang Laden
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-03 10:08        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-05-20 05:30 . 2011-05-20 05:30        1138440        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-12-14 15:44        216456        ----a-w-        c:\program files\PDF24\pdf24.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" -bootmode
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LWS"=c:\program files\Logitech\LWS\Webcam Software\LWS.exe -hide
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3047791-560114429-293112349-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 DTVFW;LITE-ON DVB-T USB adapter firmware;c:\windows\system32\DRIVERS\dtvfw.sys [2005-12-07 22016]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-20 112640]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2007-08-10 14336]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 usbdtv;LITE-ON DVB-T (PID=F001) receiver;c:\windows\system32\Drivers\usbdtv.sys [2005-12-07 31232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 39589983
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - 39589983
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-28 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 12:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Kammerzofe\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\**********\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\w7zgb186.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1e6d885e000000000000000000000000&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-28 16:56
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-07-28  17:01:19
ComboFix-quarantined-files.txt  2011-07-28 15:01
.
Vor Suchlauf: 7.074.684.928 Bytes frei
Nach Suchlauf: 7.493.857.280 Bytes frei
.
- - End Of File - - 8C7DB7F981C696A25AB024667C95530B
--- --- ---

Antoniaa 28.07.2011 18:12
Hab mein system jetzt nochmal mit malwarebytes gescannt,und ich glaube es ist alles wieder gut,meines erachtens nach. Ich hoffs zumindestens

Ich danke dir schonmal für deine super kompetente, schnelle und unkomplizierte Hilfe.

Jetzt noch die Logdatei von malwarebyte

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7310

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.07.2011 19:05:34
mbam-log-2011-07-28 (19-05-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 282775
Laufzeit: 1 Stunde(n), 11 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:42 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131