Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Section: Plagegeister aller Art und deren Bekämpfung ("Pests of all kinds and how to fight them") (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: https://www.trojaner-board.de/107610-ukash-bka-sicherheitsgruenden-betriebssystem-gesperrt.html

Change 05.01.2012 16:42

ukash - BKA - Operating system locked for security reasons . . .

And now I have fallen for it too.

While surfing, the screen suddenly went white; after a while a message appeared saying that the operating system had been locked for security reasons.

This computer had supposedly been linked to child-pornographic content and terrorist e-mails.

The lock could supposedly be lifted by paying 100 euros via ukash.

The thing even blocked the Task Manager.
The rascal even displayed my IP and my DSL provider!!!

I then pressed Ctrl-Alt-Del and clicked Log off; when the prompt came asking whether I really wanted to log off because windows were still open, I clicked Cancel. Since then I have my screen back, but the windows are no longer shown correctly in the taskbar (some are missing) and many windows are minimized to a very narrow strip.

After researching on the Internet I found this:
https://www.bka.de/nn_196810/DE/ThemenABisZ/Kriminalpraevention/Warnhinweise/110401__BKABPolSchadsoftware.html?__nnn=true

The page looked a bit different, but that doesn't matter.

My question now: Antivir found nothing. In the Task Manager (which I can open again) I also find no suspicious entry, but this virus must still be somewhere, since it was able to access my system. What else should I do... I'm not entirely comfortable continuing to work on this computer. MBAM did find something, also in the temp files where I suspected it; can you tell me whether that was this virus or whether I still need to worry, and how I should proceed now?

Thanks in advance

System:
Windows Vista Home Premium 32-bit SP1


P.S.:
On the following page I found a note saying that this file, wpbt0.dll, is the trojan.
hxxp://www.las-webservice.com/downloads/bundespolizei-trojaner---schritt-fuer-schritt-.pdf
Can I trust the instructions there, and are they sufficient?
Deleting a trojan with Shift+Del is final; I remember more elaborate removal procedures.

Change 05.01.2012 17:11

After a full scan, Antivir has now found something after all:
Quote:

The scan of the selected files is starting:

Starting the search in 'C:\' <BOOT>
C:\Users\Medion\AppData\Local\Mozilla\Firefox\Profiles\gx6q39fm.default\Cache\6\7C\73EADd01
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen3
C:\Users\Medion\AppData\Local\Temp\plugtmp-15\plugin-fdp2.php
[0] Archive type: PDF
--> pdf_form_0.avp
[DETECTION] Contains detection pattern of the exploit EXP/Pidief.aif
C:\Users\Medion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\4fa65a97-3a0a7669
[0] Archive type: ZIP
--> json/Search.class
[DETECTION] Contains detection pattern of the exploit EXP/CVE-2010-0840.FK
--> json/ThreadParser.class
[DETECTION] Contains detection pattern of the exploit EXP/Java.Blacole.H
--> json/XSLT.class
[DETECTION] Contains detection pattern of the exploit EXP/Java.Blacole.P
C:\Users\Medion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5bb93e46-6c670c4d
[0] Archive type: ZIP
--> json/Search.class
[DETECTION] Contains detection pattern of the exploit EXP/CVE-2010-0840.FK
--> json/ThreadParser.class
[DETECTION] Contains detection pattern of the exploit EXP/Java.Blacole.H
--> json/XSLT.class
[DETECTION] Contains detection pattern of the exploit EXP/Java.Blacole.P
i.e.
Quote:

4fa65a97-9a0a7669 -> EXP/Java.Blacole.P
plugin-fdp2.php -> EXP/Pidief.aif
73EADd01 -> HTML/Infected.WebPage.Gen3

Change 07.01.2012 11:37

According to hxxp://bka-trojaner.de/ I have version 1.03.
What should I do now?

Change 07.01.2012 12:32

So, I have now deleted the file wpbt0.dll using Shift+Del.
It was located in the folder:
C:\Users\XXUSERXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll

Since then everything works reasonably well again, but to completely remove registry entries or any other trojan leftovers I ask for your help once more.

I am also posting a new MBAM log now. (More infected objects have been found... botnet?)

Thanks in advance

Code:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.07.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Medion :: MEDION-PC [Administrator]

Protection: Enabled

07.01.2012 12:27:00
mbam-log-2012-01-07 (12-32-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 168537
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Medion\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom.Gen) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Medion\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom.Gen) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1796333214-148585332-2916717118-1001\$R0W71CL.exe (PUP.CNET.Adware.Bundle) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1796333214-148585332-2916717118-1001\$R073ORC.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
C:\Users\Medion\AppData\Local\Temp\xFeBvjtc.exe.part (PUP.CNET.Adware.Bundle) -> No action taken.
C:\Users\Medion\AppData\Local\Temp\ICReinstall\cnet2_smac20_setup_exe.exe (PUP.CNET.Adware.Bundle) -> No action taken.

(end)
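
Reading the Avira log and the Malwarebytes log in this thread the way a helper on this board would means separating three things: the active component (the wpbt0.dll that sat in the user's Startup folder and was also found loaded from Temp), the exploit-kit leftovers in the Java deployment cache and the Firefox cache (they show how the machine was infected, not what is still running), and the PUP files that are already in the Recycle Bin. The Python script below is an added example, not code from this thread, from Avira or from Malwarebytes. It parses the two line formats quoted above (Avira's path line plus "--> member" lines and a "[FUND]"/"[DETECTION]" line ending in the detection name; Malwarebytes' "path (Name) -> action" lines) and sorts every hit into such a bucket. The bucket names and the path patterns are this example's own assumptions; the sample input is built from the thread's own log lines, reduced to the relevant entries.

```python
"""Triage helper for Avira and Malwarebytes scan logs.

Added example: not from the forum thread, Avira or Malwarebytes.  Bucket
names and path patterns are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Path pattern -> triage bucket.  First match wins, so persistence locations
# are checked before the generic Temp pattern.
BUCKETS = [
    ("persistence",   re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
    ("recycle_bin",   re.compile(r"^[A-Z]:\\\$RECYCLE\.BIN\\", re.I)),
    ("java_cache",    re.compile(r"\\Java\\Deployment\\cache\\", re.I)),
    ("browser_cache", re.compile(r"\\Firefox\\Profiles\\[^\\]+\\Cache\\", re.I)),
    ("temp",          re.compile(r"\\AppData\\Local\\Temp\\", re.I)),
]

# Malwarebytes: "<path> (<detection name>) -> <action>."
MBAM_LINE = re.compile(r"^(?P<path>[A-Z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Avira: a path line, optional "--> member" lines for archive contents,
# then a "[FUND]" (German) or "[DETECTION]" (English) line ending in the name.
AVIRA_PATH = re.compile(r"^(?P<path>[A-Z]:\\\S.*)$")
AVIRA_MEMBER = re.compile(r"^--> (?P<member>\S.*)$")
AVIRA_HIT = re.compile(r"^\[(?:FUND|DETECTION)\].*\s(?P<name>[A-Z]+/[\w.\-]+)\s*$")


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    bucket: str
    member: Optional[str] = None   # archive member for container hits (Avira)
    action: Optional[str] = None   # recorded action (Malwarebytes)


def classify(path: str) -> str:
    """Map a file path to a triage bucket, 'other' if nothing matches."""
    for bucket, pattern in BUCKETS:
        if pattern.search(path):
            return bucket
    return "other"


def parse_mbam(text: str) -> list[Detection]:
    hits = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["name"], classify(m["path"]), action=m["action"]))
    return hits


def parse_avira(text: str) -> list[Detection]:
    hits, path, member = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if AVIRA_PATH.match(line):
            path, member = line, None          # new file or container
        elif (m := AVIRA_MEMBER.match(line)):
            member = m["member"]               # entry inside that container
        elif (m := AVIRA_HIT.match(line)) and path:
            hits.append(Detection(path, m["name"], classify(path), member=member))
    return hits


def summarize(hits: list[Detection]) -> dict[str, list[str]]:
    """Detection names per bucket, de-duplicated and sorted."""
    out: dict[str, set] = {}
    for h in hits:
        out.setdefault(h.bucket, set()).add(h.name)
    return {b: sorted(n) for b, n in sorted(out.items())}


# Sample input: lines from the logs quoted in this thread, reduced to the
# entries needed here (Avira lines in the English wording).
AVIRA_SAMPLE = r"""
Starting the search in 'C:\' <BOOT>
C:\Users\Medion\AppData\Local\Mozilla\Firefox\Profiles\gx6q39fm.default\Cache\6\7C\73EADd01
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen3
C:\Users\Medion\AppData\Local\Temp\plugtmp-15\plugin-fdp2.php
[0] Archive type: PDF
--> pdf_form_0.avp
[DETECTION] Contains detection pattern of the exploit EXP/Pidief.aif
C:\Users\Medion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\4fa65a97-3a0a7669
[0] Archive type: ZIP
--> json/Search.class
[DETECTION] Contains detection pattern of the exploit EXP/CVE-2010-0840.FK
--> json/ThreadParser.class
[DETECTION] Contains detection pattern of the exploit EXP/Java.Blacole.H
"""
MBAM_SAMPLE = r"""
Memory Modules Detected: 1
C:\Users\Medion\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom.Gen) -> No action taken.
Files Detected: 5
C:\Users\Medion\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom.Gen) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1796333214-148585332-2916717118-1001\$R0W71CL.exe (PUP.CNET.Adware.Bundle) -> No action taken.
C:\Users\Medion\AppData\Local\Temp\ICReinstall\cnet2_smac20_setup_exe.exe (PUP.CNET.Adware.Bundle) -> No action taken.
"""

if __name__ == "__main__":
    for h in parse_avira(AVIRA_SAMPLE) + parse_mbam(MBAM_SAMPLE):
        where = f"{h.path}::{h.member}" if h.member else h.path
        print(f"{h.bucket:13} {h.name:28} {where}")
```

Run as-is it prints one line per hit; feed the text of a saved log to parse_avira or parse_mbam to triage a real scan. The Startup-folder path the user quoted in this post lands in the persistence bucket whatever name the scanner gives the file, which is the entry worth checking first; a hit only in the Java cache or the browser cache is the delivery artefact of the drive-by, and the fix for that is updating or removing the plugin, not just deleting the cached file.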


Change 07.01.2012 13:27

OTL Log
Code:

OTL logfile created on: 07.01.2012 13:12:00 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Medion\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,40% Memory free
6,19 Gb Paging File | 4,97 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 138,10 Gb Free Space | 49,62% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 6,87 Gb Free Space | 34,78% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.07 12:20:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.01.07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.04 15:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008.08.04 15:45:54 | 000,334,384 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe
PRC - [2008.08.04 15:45:52 | 000,326,192 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2008.02.28 17:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (IAANTMON) Intel(R)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2008.08.04 15:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008.02.28 17:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.30 06:14:56 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.08 21:54:46 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.08 04:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.12 00:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.08.28 13:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\FPWinIo.sys -- (FPWinIo)
DRV - [2008.08.28 13:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) LTT-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2008.08.06 15:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.04 15:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.08.04 15:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.08.04 15:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.07.10 10:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.04.28 05:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 19:15:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.03 17:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.10.21 19:44:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions
[2011.12.20 22:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\gx6q39fm.default\extensions
[2011.12.20 22:22:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\gx6q39fm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.15 19:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.15 19:23:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe File not found
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{770313F6-C778-4A84-8FB1-F697B1721686}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{2d0108d6-32a0-11e1-9eed-001f160b7c43}\Shell - "" = AutoRun
O33 - MountPoints2\{2d0108d6-32a0-11e1-9eed-001f160b7c43}\Shell\AutoRun\command - "" = E:\DDFSetup.exe
O33 - MountPoints2\{5821826c-eda0-11e0-b7fd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5821826c-eda0-11e0-b7fd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.07 12:20:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2012.01.05 16:00:51 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2012.01.05 16:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.05 16:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.05 16:00:36 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.05 16:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.05 15:44:49 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Medion\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.05 15:21:59 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\steve
[2012.01.04 20:48:02 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\img
[2012.01.04 18:07:16 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.01.04 13:33:25 | 000,000,000 | ---D | C] -- C:\xampp
[2012.01.03 17:07:37 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Thunderbird
[2012.01.03 17:07:37 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Thunderbird
[2012.01.03 17:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.01.03 14:06:22 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\htdocs
[2012.01.03 14:05:36 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\data
[2012.01.01 20:53:59 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\jMint-ET
[2012.01.01 19:39:27 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\J1.7
[2011.12.31 06:17:19 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.12.31 06:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011.12.31 06:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die drei Fragezeichen und das Gold der Inkas
[2011.12.31 06:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Die drei Fragezeichen und das Gold der Inkas
[2011.12.30 06:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.12.30 06:14:56 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.12.30 06:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.12.30 06:13:02 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 06:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.12.28 14:25:08 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\FileZilla
[2011.12.28 14:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.12.28 14:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011.12.24 03:53:17 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\CyberLink
[2011.12.24 03:53:13 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\CyberLink
[2011.12.22 18:02:32 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.12.22 18:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.12.22 18:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.12.21 19:45:09 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\FreePDF_XP
[2011.12.21 19:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF
[2011.12.21 19:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\FreePDF_XP
[2011.12.21 19:44:34 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\FreePDF
[2011.12.21 19:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2011.12.21 19:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011.12.20 22:22:26 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011.12.20 22:22:20 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.20 22:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.20 22:22:02 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\DVDVideoSoft
[2011.12.20 22:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.20 22:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.20 17:09:09 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\GFDOutDir
[2011.12.20 17:04:39 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUI for dvdauthor
[2011.12.20 17:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GUI for dvdauthor
[2011.12.20 17:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\GUI for dvdauthor
[2011.12.20 16:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD-lab PRO 2
[2011.12.20 16:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\DVDlabPro2
[2011.12.20 15:39:03 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\NeroVision
[2011.12.20 15:20:13 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\My Downloads
[2011.12.20 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\AVS4YOU
[2011.12.20 15:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011.12.20 15:04:57 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011.12.20 15:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011.12.20 15:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011.12.20 15:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011.12.20 15:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVSDVDAuthoring
[2011.12.20 14:55:54 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\gtk-2.0
[2011.12.20 14:55:05 | 000,000,000 | ---D | C] -- C:\Users\Medion\.thumbnails
[2011.12.20 14:50:55 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\gegl-0.0
[2011.12.20 14:50:55 | 000,000,000 | ---D | C] -- C:\Users\Medion\.gimp-2.6
[2011.12.20 14:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.12.20 14:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011.12.20 00:31:25 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\c
[2011.12.19 19:48:40 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Canneverbe Limited
[2011.12.19 19:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.12.19 19:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011.12.19 19:24:07 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\Nero
[2011.12.19 19:21:07 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Ahead
[2011.12.19 19:20:52 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Nero
[2011.12.19 02:06:31 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\TempDIR
[2011.12.19 02:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
[2011.12.19 02:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVDStyler
[2011.12.18 19:40:01 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\Eine himmlische Familie
[2011.12.12 13:44:20 | 000,094,208 | R--- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2011.12.12 13:44:20 | 000,016,384 | R--- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2011.12.12 13:44:20 | 000,012,288 | R--- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2011.12.12 13:44:17 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2011.12.12 13:43:52 | 000,126,976 | ---- | C] (Brother Industries,LTD) -- C:\Windows\System32\BrfxD05a.dll
[2011.12.11 14:15:36 | 000,057,856 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\brinsstr.dll
[2011.12.11 14:15:17 | 000,163,840 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2011.12.11 14:15:17 | 000,034,816 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll
[2011.12.11 14:15:16 | 000,061,952 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll
[2011.12.11 14:15:16 | 000,037,376 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll
[2011.12.11 14:15:16 | 000,018,944 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrnStiCp.cpl
[2011.12.11 14:15:12 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrSti07a.dll
[2011.12.11 14:15:09 | 000,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\brunin03.dll
[2011.12.11 14:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2011.12.11 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\mflpro
[2011.12.10 03:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011.12.09 00:23:09 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\Dragonball Z PS2 Game
[2011.12.08 15:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011.12.08 14:49:52 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\PCSX2
[2008.08.28 10:58:13 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.08.28 10:58:13 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.07 13:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.01.07 12:33:28 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\kdhow.sys
[2012.01.07 12:20:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2012.01.07 12:15:23 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.07 12:15:23 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.07 12:15:23 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.07 12:15:23 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.07 12:09:21 | 000,000,680 | ---- | M] () -- C:\Users\Medion\AppData\Local\d3d9caps.dat
[2012.01.07 12:08:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 12:08:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 12:08:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.07 12:08:18 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.07 09:48:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.05 16:00:40 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.05 15:47:33 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Medion\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.05 00:42:59 | 000,000,273 | ---- | M] () -- C:\Users\Medion\Desktop\lieder.rtf
[2012.01.04 21:46:40 | 000,000,032 | ---- | M] () -- C:\Users\Medion\Desktop\pfad.php
[2012.01.04 21:25:34 | 000,001,570 | ---- | M] () -- C:\Users\Medion\Desktop\index.html
[2012.01.04 21:24:17 | 000,014,597 | ---- | M] () -- C:\Users\Medion\.recently-used.xbel
[2012.01.04 21:10:06 | 000,013,936 | ---- | M] () -- C:\Users\Medion\Desktop\Agupo.png
[2012.01.04 18:07:16 | 000,000,562 | ---- | M] () -- C:\Users\Medion\Desktop\XAMPP Control Panel.lnk
[2012.01.03 21:32:58 | 000,179,128 | ---- | M] () -- C:\Users\Medion\Desktop\minimizetotray_revived-1.0-fx+tb+sm-windows.xpi
[2012.01.03 17:07:35 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.01.02 12:52:09 | 000,407,390 | ---- | M] () -- C:\Users\Medion\Desktop\Bildschirmfoto 2012-01-02 um 12.51.03.png
[2012.01.01 17:03:25 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.12.30 16:48:32 | 000,074,196 | ---- | M] () -- C:\Users\Medion\Desktop\Überweisungsbeleg K. Gresel.pdf
[2011.12.30 06:14:56 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.12.28 16:02:14 | 003,431,534 | ---- | M] () -- C:\Users\Medion\Desktop\testdisk-6.14-WIP.win.zip
[2011.12.28 14:29:52 | 000,003,711 | ---- | M] () -- C:\Users\Medion\Desktop\Hyrule TwinkBOT.rtf
[2011.12.27 22:49:41 | 005,286,289 | ---- | M] () -- C:\Users\Medion\Desktop\php-kurs-ebook-ohne-sicherheitskapitel.pdf
[2011.12.21 22:52:44 | 000,013,312 | ---- | M] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.21 19:45:12 | 000,064,939 | ---- | M] () -- C:\Users\Medion\Desktop\Überweisungsbeleg Salzgrotte Dortmund.pdf
[2011.12.21 18:25:16 | 000,324,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.12 13:49:02 | 000,000,212 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.12.12 13:49:02 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2011.12.12 13:49:02 | 000,000,050 | ---- | M] () -- C:\Windows\System32\bridf07a.dat
[2011.12.11 23:37:43 | 000,138,520 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.12.11 23:36:57 | 000,234,536 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.12.11 15:12:30 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.12.11 15:12:30 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.08 21:54:46 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.07 12:33:28 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\kdhow.sys
[2012.01.07 09:46:07 | 3215,855,616 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.05 16:00:40 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.05 00:42:59 | 000,000,273 | ---- | C] () -- C:\Users\Medion\Desktop\lieder.rtf
[2012.01.04 21:46:28 | 000,000,032 | ---- | C] () -- C:\Users\Medion\Desktop\pfad.php
[2012.01.04 21:24:17 | 000,014,597 | ---- | C] () -- C:\Users\Medion\.recently-used.xbel
[2012.01.04 21:10:05 | 000,013,936 | ---- | C] () -- C:\Users\Medion\Desktop\Agupo.png
[2012.01.04 20:31:16 | 000,063,624 | ---- | C] () -- C:\Users\Medion\Desktop\tlac.ttf
[2012.01.04 20:26:27 | 000,001,570 | ---- | C] () -- C:\Users\Medion\Desktop\index.html
[2012.01.04 18:07:16 | 000,000,562 | ---- | C] () -- C:\Users\Medion\Desktop\XAMPP Control Panel.lnk
[2012.01.03 21:32:56 | 000,179,128 | ---- | C] () -- C:\Users\Medion\Desktop\minimizetotray_revived-1.0-fx+tb+sm-windows.xpi
[2012.01.03 17:07:33 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.01.03 17:07:32 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.01.03 16:41:04 | 000,002,130 | ---- | C] () -- C:\Users\Medion\Desktop\settings.xml
[2012.01.02 12:51:28 | 000,407,390 | ---- | C] () -- C:\Users\Medion\Desktop\Bildschirmfoto 2012-01-02 um 12.51.03.png
[2011.12.30 16:48:32 | 000,074,196 | ---- | C] () -- C:\Users\Medion\Desktop\Überweisungsbeleg K. Gresel.pdf
[2011.12.28 16:01:46 | 003,431,534 | ---- | C] () -- C:\Users\Medion\Desktop\testdisk-6.14-WIP.win.zip
[2011.12.28 13:40:14 | 004,913,522 | ---- | C] () -- C:\Users\Medion\Desktop\g3382_maximus_extreme.pdf
[2011.12.27 22:48:42 | 005,286,289 | ---- | C] () -- C:\Users\Medion\Desktop\php-kurs-ebook-ohne-sicherheitskapitel.pdf
[2011.12.21 19:45:11 | 000,064,939 | ---- | C] () -- C:\Users\Medion\Desktop\Überweisungsbeleg Salzgrotte Dortmund.pdf
[2011.12.21 19:44:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.12.21 19:44:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.12.21 02:11:56 | 000,003,711 | ---- | C] () -- C:\Users\Medion\Desktop\Hyrule TwinkBOT.rtf
[2011.12.19 19:48:15 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.12.16 18:07:49 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011.12.12 13:49:02 | 000,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.12.12 13:49:02 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.12.12 13:43:54 | 000,006,224 | ---- | C] () -- C:\Windows\CVRPAGE.bmp
[2011.12.12 13:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.12.11 14:19:46 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2011.12.11 14:15:16 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.12.10 03:01:49 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.12.10 03:01:48 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.08 22:54:39 | 000,001,755 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.12.08 22:54:39 | 000,001,734 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.12.08 22:54:39 | 000,001,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.11.13 17:40:41 | 000,013,312 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.09 23:20:51 | 000,000,680 | ---- | C] () -- C:\Users\Medion\AppData\Local\d3d9caps.dat
[2011.11.05 02:37:17 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.11.05 02:36:29 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.11.05 02:35:55 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.11.03 18:20:47 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2011.10.13 21:30:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008.09.02 12:45:19 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.08.28 13:27:57 | 000,066,856 | ---- | C] () -- C:\Windows\System32\drivers\FPWinIo.sys
[2008.08.28 13:15:44 | 000,628,730 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.08.28 13:15:44 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.08.28 13:15:44 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.08.28 13:15:44 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.08.28 13:02:32 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.08.28 13:02:32 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.08.28 11:33:16 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.08.28 10:58:13 | 001,753,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.08.28 10:58:13 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2008.08.28 10:58:13 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.08.28 10:58:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.08.28 10:35:46 | 000,119,296 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.08.28 09:31:15 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.08.28 09:31:15 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\29563E424B.sys
[2008.08.28 03:21:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.08.28 02:43:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.01.21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,324,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.09.19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
 
========== LOP Check ==========
 
[2011.12.19 19:48:40 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Canneverbe Limited
[2011.12.31 06:15:49 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DAEMON Tools Lite
[2011.12.20 23:13:52 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011.12.20 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.05 15:59:41 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\FileZilla
[2011.12.21 19:44:34 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\FreePDF
[2012.01.04 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\gtk-2.0
[2011.12.15 19:13:29 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\TeamViewer
[2012.01.03 17:07:37 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Thunderbird
[2011.12.11 22:40:04 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\TS3Client
[2012.01.07 09:48:04 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.07 13:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.10.03 09:34:06 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.08.28 13:16:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.03 09:29:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.08.28 04:50:19 | 000,000,000 | ---D | M] -- C:\Intel
[2011.11.05 04:17:40 | 000,000,000 | ---D | M] -- C:\Medion
[2008.08.28 09:52:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.05 16:00:36 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.05 16:00:38 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.03 09:29:52 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.04 07:33:51 | 000,000,000 | ---D | M] -- C:\report
[2012.01.07 13:13:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.03 09:33:46 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.05 17:19:46 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.04 17:59:33 | 000,000,000 | ---D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\System32\drivers\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008.01.21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-07 11:15:47

< End of report >

Extras log
Code:

OTL Extras logfile created on: 07.01.2012 13:12:00 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Medion\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,40% Memory free
6,19 Gb Paging File | 4,97 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 138,10 Gb Free Space | 49,62% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 6,87 Gb Free Space | 34,78% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0815046E-324B-4155-8545-D5BB7603C454}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{461ED946-5410-4984-9DC0-9C3CC882EB87}" = rport=137 | protocol=17 | dir=out | app=system |
"{4AF721BA-4EE6-4F58-882A-5126824F80D2}" = rport=138 | protocol=17 | dir=out | app=system |
"{77EFBD27-7801-4CE9-95FA-C5E502CF4D15}" = lport=138 | protocol=17 | dir=in | app=system |
"{7B3C3A14-B6CA-49D9-A233-F036E0F4552C}" = lport=445 | protocol=6 | dir=in | app=system |
"{80380AB8-9C04-4E90-87D2-2F1619B4FBB4}" = lport=139 | protocol=6 | dir=in | app=system |
"{A1822F71-1510-4AA8-AD88-4B8F657E9B61}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A3328D39-FD4F-4DF6-BA77-ABE85A36C3E7}" = rport=445 | protocol=6 | dir=out | app=system |
"{A369371B-C08C-4E50-958F-F1FEEB0FE0FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AA44BB9B-354B-4D7C-917B-2C4C5A6A7AFA}" = rport=139 | protocol=6 | dir=out | app=system |
"{B100512D-7F34-47BB-8F62-61282C1D5F16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BEB35B3E-5E16-4924-8229-EB676684EC22}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02258C4D-EBF5-444A-A933-28F07FF1F3C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{150EA0D5-5B30-40B9-88C0-434E496D2967}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{158B9A38-A788-4BBE-B523-BB162CD7700C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{31463359-C09A-4D00-B616-DFC8711A570A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{386676C0-CEB9-4F6E-8071-599FA7E7684E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{38E64B9A-FEA1-4827-9034-F864C12FE89A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3B33BEFE-E7D1-4F8A-8CC6-3B0D5E8C833B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{407F1DD8-BE32-4BDD-8763-132B3E1A0FF0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{52AF912D-542A-46FF-856A-6F79446E2E00}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{74735CE7-5024-4C37-A486-479F7410DCC1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{80549CA2-C551-42A2-AB89-5125176A92DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8082A0D1-CEE1-4A5C-9C42-F4B0DD34E687}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{91CE1C6E-E84E-4D0C-A7F6-39976959CE63}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{92DC2E67-240D-476A-8C0A-FCF79D838AE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B416B237-B199-4A74-8AED-45FFDEDBAE7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{D4D50CC3-2FA1-4D06-B49F-54964E80420E}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{D56F3A26-2D4F-4E5C-9280-B250D2FD91E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{DFF2BEBD-7ED8-42BD-8E23-1122EB6EC9FC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{E295DE7A-C19A-4790-A0B5-1FBA01A07760}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F45A1D01-4D73-4115-8CE2-0B9970D6BF54}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{FAA1B7D3-0C44-4FE5-8E76-2C964CD3B24F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"TCP Query User{1089B5D5-D2D5-4359-98AB-44C49217473E}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{50E91C62-B05D-477B-8955-6A3C119F3B03}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{5CED3243-71E2-4A7D-BC0E-2C10C2A7F56F}C:\users\medion\appdata\local\temp\rar$ex19.800\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\medion\appdata\local\temp\rar$ex19.800\commonfiles\java\bin\javaw.exe |
"TCP Query User{6FE58BF8-BA62-42EB-80E3-4749D096226C}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{AE541B2E-3576-4C1E-BCE2-2BFC6DBB5386}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{BC48F59D-346D-41CF-947E-2B9D4CC37466}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{FC1AFCA3-0488-4975-BE0D-BE286614EC22}C:\users\medion\appdata\local\temp\rar$ex41.992\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\medion\appdata\local\temp\rar$ex41.992\wow-dede-installer-downloader.exe |
"UDP Query User{14A44178-3AB9-4AC5-A7B9-1AB3F23D155C}C:\users\medion\appdata\local\temp\rar$ex41.992\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\medion\appdata\local\temp\rar$ex41.992\wow-dede-installer-downloader.exe |
"UDP Query User{65EC10AC-C8DB-4872-B949-2DE13331638C}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{7B968BCD-582F-40C1-B953-A384636F6FCA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{89BB4E22-B531-4F12-814D-D4E3A7B71D01}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{97516DDD-2595-4A83-A79A-43D24C91BF91}C:\users\medion\appdata\local\temp\rar$ex19.800\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\medion\appdata\local\temp\rar$ex19.800\commonfiles\java\bin\javaw.exe |
"UDP Query User{A30A0841-85BD-4672-AA2B-605B7A85ED85}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"UDP Query User{CCDF1506-88FD-4D45-AC99-2A1639DE2C2E}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0ED47137-C071-46CC-A243-E5E33271E10E}" = Windows Live Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die drei Fragezeichen und das Gold der Inkas_is1" = Die drei Fragezeichen und das Gold der Inkas
"DVD-lab PRO 2.5_is1" = DVD-lab PRO 2.5
"DVDStyler_is1" = DVDStyler v2.0.1
"FileZilla Client" = FileZilla Client 3.5.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.3.1206
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"FreePDF_XP" = FreePDF (Remove only)
"GameSpy Arcade" = GameSpy Arcade
"GPL Ghostscript 9.04" = GPL Ghostscript
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 10.0
"PSPad editor_is1" = PSPad editor
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Revo Uninstaller" = Revo Uninstaller 1.93
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
"xampp" = XAMPP 1.7.7
"Xfire" = Xfire (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2012 12:12:59 | Computer Name = Medion-PC | Source = MySQL | ID = 100
Description = Fatal error: Can't open and lock privilege tables: Incorrect key file
 for table 'user'; try to repair it    For more information, see Help and Support Center
 at hxxp://www.mysql.com.   
 
Error - 04.01.2012 12:13:10 | Computer Name = Medion-PC | Source = MySQL | ID = 100
Description = Fatal error: Can't open and lock privilege tables: Incorrect key file
 for table 'user'; try to repair it    For more information, see Help and Support Center
 at hxxp://www.mysql.com.   
 
Error - 04.01.2012 12:27:31 | Computer Name = Medion-PC | Source = MySQL | ID = 100
Description = Fatal error: Can't open and lock privilege tables: Incorrect key file
 for table 'user'; try to repair it    For more information, see Help and Support Center
 at hxxp://www.mysql.com.   
 
Error - 04.01.2012 12:27:51 | Computer Name = Medion-PC | Source = VSS | ID = 8194
Description =
 
Error - 05.01.2012 08:23:48 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.01.2012 12:18:36 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.01.2012 04:42:26 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.01.2012 04:47:48 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.01.2012 07:09:57 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.01.2012 07:33:51 | Computer Name = Medion-PC | Source = VSS | ID = 8194
Description =
 
[ System Events ]
Error - 31.12.2011 05:11:58 | Computer Name = Medion-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0016EAD0C51E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 31.12.2011 10:52:43 | Computer Name = Medion-PC | Source = HTTP | ID = 15016
Description =
 
Error - 31.12.2011 10:54:11 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 31.12.2011 10:54:11 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 31.12.2011 13:34:16 | Computer Name = Medion-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0016EAD0C51E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 01.01.2012 07:06:12 | Computer Name = Medion-PC | Source = HTTP | ID = 15016
Description =
 
Error - 01.01.2012 07:07:41 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.01.2012 07:07:41 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.01.2012 12:08:40 | Computer Name = Medion-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0016EAD0C51E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 01.01.2012 12:21:08 | Computer Name = Medion-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0016EAD0C51E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
 
< End of report >


Sven Uwe 07.01.2012 13:38

Nonsense removed //cosinus

cad 07.01.2012 13:53

OT
 
@Change
Please ignore Sven-Uwe's post; as soon as one of the responsible mods is online, the post will be removed. :)

BTW: You replied to yourself in your own thread, so the post was overlooked

Quote:

The forum is a busy place, and unfortunately it can happen that a topic is occasionally overlooked.

Because of the high demand it can take up to 3 days before someone can take on your topic.
Anyone who still has not received an answer after three days
should check once more that they have really worked through the first 3 points of these instructions correctly.

If the necessary information is present, then it is time to post a short description of the problem and, above all, a link to your topic in the following thread:
Erinnerung an meinen Thread

Do not bump your topic! Threads with several replies are regarded as "in progress" and are no longer looked at.

The topics from the "Erinnerung an meinen Thread" thread will then be taken over by someone as soon as possible.


Please do not post OTL logs or similar in that thread! Direct requests for help in that thread are ignored; it serves only to collect overlooked topics!


@Sven-Uwe

Do not interfere in other threads in the security forums!

Reasons -> http://www.trojaner-board.de/95121-hilft-mir.html

Chris4You 07.01.2012 16:30

Hi,

Have files checked online
  • Go to the Virustotal site, click the "Browse" button and locate the following file/files:
Code:

C:\Windows\System32\drivers\hamachi.sys
C:\Windows\system32\DRIVERS\FPWinIo.sys
C:\Windows\System32\drivers\kdhow.sys

  • Now upload each/all of the files one after another and wait until the scan is finished (this can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a post.
  • Important: Copy the file size and the HASH as well!

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
SRV - File not found [Auto | Stopped] --  -- (IAANTMON) Intel(R)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
[2012.01.07 13:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a directory of their own (e.g. C:\TDSS)!
Start it from Explorer by double-clicking TDSSKiller.exe.
After it starts a window appears; click "Start Scan" there.
When the scan is finished please select "Report". A window opens; copy the text and post it here...

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Check for updates")
Run a full scan and let it clean everything! Post the log.

chris
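
Before uploading, a practitioner usually records the size and hashes of each file locally, so that the "Additional information" block VirusTotal prints can be checked against the file that is actually on disk, and so that a file which has vanished (as kdhow.sys turns out to have further down) is reported as missing rather than silently skipped. The Python script below is an added example, not part of this thread and not VirusTotal's or OTL's own tooling: the path list is the one from the post above, the reference SHA256 for hamachi.sys is the value VirusTotal reports for it later in the thread, and the output layout merely imitates the VirusTotal report.

```python
"""Added example: fingerprint driver files locally before a VirusTotal upload.

Not from the thread. Computes size, MD5, SHA1 and SHA256 the way the
VirusTotal "Additional information" block lists them, and reports a file
that no longer exists instead of silently skipping it.
"""
import hashlib
import os
from dataclasses import dataclass
from typing import Optional

# The three drivers named in the post above (paths as given there).
DRIVERS_TO_CHECK = [
    r"C:\Windows\System32\drivers\hamachi.sys",
    r"C:\Windows\system32\DRIVERS\FPWinIo.sys",
    r"C:\Windows\System32\drivers\kdhow.sys",
]

# SHA256 that VirusTotal reported for hamachi.sys later in this thread.
HAMACHI_SHA256_FROM_VT = "5eb5672abc7994a4aff855a572158b8be4fc6e541cfd4b9be4ff2739a9a6afb8"


@dataclass
class FileFingerprint:
    path: str
    exists: bool
    size: Optional[int] = None
    md5: Optional[str] = None
    sha1: Optional[str] = None
    sha256: Optional[str] = None


def fingerprint_file(path: str, chunk_size: int = 1 << 20) -> FileFingerprint:
    """Hash a file in chunks (drivers are small, but this also copes with large
    samples) and return all three digests; exists=False when the path is gone."""
    if not os.path.isfile(path):
        return FileFingerprint(path=path, exists=False)
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return FileFingerprint(path, True, size,
                           md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest())


def matches_report(fp: FileFingerprint, reported_sha256: str) -> bool:
    """True only when the file on disk is the exact object VirusTotal analysed.
    A missing file never matches; the case of the hex digits is ignored."""
    if not fp.exists or fp.sha256 is None:
        return False
    return fp.sha256.lower() == reported_sha256.strip().lower()


def format_report(fp: FileFingerprint) -> str:
    """Render one file in the layout of VirusTotal's 'Additional information'."""
    if not fp.exists:
        return f"{fp.path}\n  MISSING - file not present on disk\n"
    return (f"{fp.path}\n"
            f"  Size  : {fp.size} bytes\n"
            f"  MD5   : {fp.md5}\n"
            f"  SHA1  : {fp.sha1}\n"
            f"  SHA256: {fp.sha256}\n")


if __name__ == "__main__":
    for p in DRIVERS_TO_CHECK:
        print(format_report(fingerprint_file(p)))
    hamachi = fingerprint_file(DRIVERS_TO_CHECK[0])
    print("hamachi.sys matches the VirusTotal report:",
          matches_report(hamachi, HAMACHI_SHA256_FROM_VT))
```

Run it on the affected machine before the upload and keep the printed block next to the VirusTotal result: if the SHA256 values differ, the report describes a different file than the one on disk (a re-download, an "already analysed" cached sample, or a file that was replaced in between), and a MISSING line tells the helper that the driver is gone rather than clean.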

Change 07.01.2012 23:25

Hello,
many, many thanks.

1. VirusTotal scans
  • hamachi.sys uploaded (briefly got the message that this file had already been uploaded: reanalyze). Log see below
  • FPWinIo.sys uploaded, log see below
  • kdhow.sys no longer exists in my DRIVERS folder. (Could that be because the file wpbt0.dll was deleted from the Temp folder?)
2. OTL fix
Fix carried out. It apparently did not find one entry in the registry.
By the way, the log opens by itself after the reboot.

3. TDSS-Killer
Scan carried out, 0 results. Log see below.

4. Malwarebytes
I already have the Malwarebytes program (the quick scan logs are already posted above)
By the way, the tab is called "Aktualisierungen", not "Updates"; don't take it the wrong way, just for next time, so that other users are not confused.

Full scan 0 results, so there was no log either.


LOGS

hamachi.sys log
Code:

File name:
hamachi.sys
Submission date:
2012-01-07 20:04:33 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)
       


not reviewed
 Safety score: -
Antivirus        Version        Last Update        Result
AhnLab-V3        2012.01.07.00        2012.01.07        -
AntiVir        7.11.20.194        2012.01.06        -
Antiy-AVL        2.0.3.7        2012.01.07        -
Avast        6.0.1289.0        2012.01.07        -
AVG        10.0.0.1190        2012.01.07        -
BitDefender        7.2        2012.01.07        -
ByteHero        1.0.0.1        2011.12.31        -
CAT-QuickHeal        12.00        2012.01.07        -
ClamAV        0.97.3.0        2012.01.07        -
Commtouch        5.3.2.6        2012.01.07        -
Comodo        11205        2012.01.07        -
DrWeb        5.0.2.03300        2012.01.07        -
Emsisoft        5.1.0.11        2012.01.07        -
eSafe        7.0.17.0        2012.01.03        -
eTrust-Vet        37.0.9668        2012.01.06        -
F-Prot        4.6.5.141        2012.01.07        -
F-Secure        9.0.16440.0        2012.01.07        -
Fortinet        4.3.388.0        2012.01.07        -
GData        22.337/22.631        2012.01.07        -
Ikarus        T3.1.1.109.0        2012.01.07        -
Jiangmin        13.0.900        2012.01.07        -
K7AntiVirus        9.123.5881        2012.01.06        -
Kaspersky        9.0.0.837        2012.01.07        -
McAfee        5.400.0.1158        2012.01.07        -
McAfee-GW-Edition        2010.1E        2012.01.07        -
Microsoft        1.7903        2012.01.07        -
NOD32        6775        2012.01.07        -
Norman        6.07.13        2012.01.07        -
nProtect        2012-01-07.01        2012.01.07        -
Panda        10.0.3.5        2012.01.07        -
PCTools        8.0.0.5        2012.01.07        -
Prevx        3.0        2012.01.07        -
Rising        23.91.04.02        2012.01.06        -
Sophos        4.73.0        2012.01.07        -
SUPERAntiSpyware        4.40.0.1006        2012.01.07        -
Symantec        20111.2.0.82        2012.01.07        -
TheHacker        6.7.0.1.373        2012.01.06        -
TrendMicro        9.500.0.1008        2012.01.07        -
TrendMicro-HouseCall        9.500.0.1008        2012.01.07        -
VBA32        3.12.16.4        2012.01.06        -
VIPRE        11365        2012.01.07        -
ViRobot        2012.1.7.4869        2012.01.07        -
VirusBuster        14.1.155.0        2012.01.07        -

Additional information
MD5  : 833051c6c6c42117191935f734cfbd97
SHA1  : f7d5e5a82e9083dfcc3d49658668b1d1d4342d46
SHA256: 5eb5672abc7994a4aff855a572158b8be4fc6e541cfd4b9be4ff2739a9a6afb8


FPWinIo.sys log
Code:

File name:
FPWinIo.sys
Submission date:
2012-01-07 20:07:28 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)
       
VT Community

not reviewed
 Safety score: -
Antivirus        Version        Last Update        Result
AhnLab-V3        2012.01.07.00        2012.01.07        -
AntiVir        7.11.20.194        2012.01.06        -
Antiy-AVL        2.0.3.7        2012.01.07        -
Avast        6.0.1289.0        2012.01.07        -
AVG        10.0.0.1190        2012.01.07        -
BitDefender        7.2        2012.01.07        -
ByteHero        1.0.0.1        2011.12.31        -
CAT-QuickHeal        12.00        2012.01.07        -
ClamAV        0.97.3.0        2012.01.07        -
Commtouch        5.3.2.6        2012.01.07        -
Comodo        11205        2012.01.07        -
DrWeb        5.0.2.03300        2012.01.07        -
Emsisoft        5.1.0.11        2012.01.07        -
eSafe        7.0.17.0        2012.01.03        -
eTrust-Vet        37.0.9668        2012.01.06        -
F-Prot        4.6.5.141        2012.01.07        -
F-Secure        9.0.16440.0        2012.01.07        -
Fortinet        4.3.388.0        2012.01.07        -
GData        22        2012.01.07        -
Ikarus        T3.1.1.109.0        2012.01.07        -
Jiangmin        13.0.900        2012.01.07        -
K7AntiVirus        9.123.5881        2012.01.06        -
Kaspersky        9.0.0.837        2012.01.07        -
McAfee        5.400.0.1158        2012.01.07        -
McAfee-GW-Edition        2010.1E        2012.01.07        -
Microsoft        1.7903        2012.01.07        -
NOD32        6775        2012.01.07        -
Norman        6.07.13        2012.01.07        -
nProtect        2012-01-07.01        2012.01.07        -
Panda        10.0.3.5        2012.01.07        -
PCTools        8.0.0.5        2012.01.07        -
Prevx        3.0        2012.01.07        -
Rising        23.91.04.02        2012.01.06        -
Sophos        4.73.0        2012.01.07        -
SUPERAntiSpyware        4.40.0.1006        2012.01.07        -
Symantec        20111.2.0.82        2012.01.07        -
TheHacker        6.7.0.1.373        2012.01.06        -
TrendMicro        9.500.0.1008        2012.01.07        -
TrendMicro-HouseCall        9.500.0.1008        2012.01.07        -
VBA32        3.12.16.4        2012.01.06        -
VIPRE        11365        2012.01.07        -
ViRobot        2012.1.7.4869        2012.01.07        -
VirusBuster        14.1.155.0        2012.01.07        -
Additional information
MD5  : 4eff8408dd280f2468c39d0f4a2cec0d
SHA1  : 95b9c184ab9477e2ef639581c1610ed056394e6d
SHA256: 91e60862d1ec9640dc9a01b41ac737524cd2d54cfc34aef193c335e085308482

OTL fix log
Code:

All processes killed
========== OTL ==========
Error: No service named IAANTMON) Intel(R was found to stop!
Service\Driver key IAANTMON) Intel(R not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
D:\AUTOEXEC.BAT moved successfully.
C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Medion
->Temp folder emptied: 601407900 bytes
->Temporary Internet Files folder emptied: 44277050 bytes
->Java cache emptied: 4273226 bytes
->FireFox cache emptied: 201443696 bytes
->Flash cache emptied: 55673 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6266852026 bytes
RecycleBin emptied: 2711570081 bytes
 
Total Files Cleaned = 9.375,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01072012_212026

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETACD1.tmp not found!

Registry entries deleted on Reboot...

TDSS log
Code:

21:31:32.0312 5608        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:31:32.0468 5608        ============================================================
21:31:32.0468 5608        Current date / time: 2012/01/07 21:31:32.0468
21:31:32.0468 5608        SystemInfo:
21:31:32.0468 5608       
21:31:32.0468 5608        OS Version: 6.0.6001 ServicePack: 1.0
21:31:32.0468 5608        Product type: Workstation
21:31:32.0468 5608        ComputerName: MEDION-PC
21:31:32.0468 5608        UserName: Medion
21:31:32.0468 5608        Windows directory: C:\Windows
21:31:32.0468 5608        System windows directory: C:\Windows
21:31:32.0468 5608        Processor architecture: Intel x86
21:31:32.0468 5608        Number of processors: 2
21:31:32.0468 5608        Page size: 0x1000
21:31:32.0468 5608        Boot type: Normal boot
21:31:32.0468 5608        ============================================================
21:31:32.0999 5608        Initialize success
21:31:34.0824 4308        ============================================================
21:31:34.0824 4308        Scan started
21:31:34.0824 4308        Mode: Manual;
21:31:34.0824 4308        ============================================================
21:31:35.0167 4308        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
21:31:35.0167 4308        ACPI - ok
21:31:35.0214 4308        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:31:35.0214 4308        adp94xx - ok
21:31:35.0245 4308        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:31:35.0245 4308        adpahci - ok
21:31:35.0276 4308        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:31:35.0292 4308        adpu160m - ok
21:31:35.0339 4308        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:31:35.0339 4308        adpu320 - ok
21:31:35.0386 4308        AFD            (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
21:31:35.0386 4308        AFD - ok
21:31:35.0432 4308        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:31:35.0432 4308        agp440 - ok
21:31:35.0464 4308        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:31:35.0464 4308        aic78xx - ok
21:31:35.0495 4308        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:31:35.0495 4308        aliide - ok
21:31:35.0526 4308        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:31:35.0526 4308        amdagp - ok
21:31:35.0542 4308        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:31:35.0557 4308        amdide - ok
21:31:35.0588 4308        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:31:35.0588 4308        AmdK7 - ok
21:31:35.0620 4308        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:31:35.0620 4308        AmdK8 - ok
21:31:35.0666 4308        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:31:35.0666 4308        arc - ok
21:31:35.0698 4308        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:31:35.0698 4308        arcsas - ok
21:31:35.0713 4308        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:31:35.0713 4308        AsyncMac - ok
21:31:35.0744 4308        atapi          (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
21:31:35.0744 4308        atapi - ok
21:31:35.0791 4308        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
21:31:35.0791 4308        avgntflt - ok
21:31:35.0869 4308        avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
21:31:35.0885 4308        avipbb - ok
21:31:35.0947 4308        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:31:35.0947 4308        Beep - ok
21:31:35.0978 4308        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:31:35.0978 4308        blbdrive - ok
21:31:36.0010 4308        bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
21:31:36.0010 4308        bowser - ok
21:31:36.0056 4308        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:31:36.0056 4308        BrFiltLo - ok
21:31:36.0072 4308        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:31:36.0072 4308        BrFiltUp - ok
21:31:36.0103 4308        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:31:36.0103 4308        Brserid - ok
21:31:36.0119 4308        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:31:36.0119 4308        BrSerWdm - ok
21:31:36.0134 4308        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:31:36.0150 4308        BrUsbMdm - ok
21:31:36.0150 4308        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:31:36.0150 4308        BrUsbSer - ok
21:31:36.0212 4308        BthEnum        (cce53afc28347cc18ea139972e5b5e5a) C:\Windows\system32\DRIVERS\BthEnum.sys
21:31:36.0212 4308        BthEnum - ok
21:31:36.0259 4308        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:31:36.0259 4308        BTHMODEM - ok
21:31:36.0290 4308        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:31:36.0290 4308        BthPan - ok
21:31:36.0353 4308        BTHPORT        (ac8a1689d5efc4d214201155a78d8f4b) C:\Windows\system32\Drivers\BTHport.sys
21:31:36.0353 4308        BTHPORT - ok
21:31:36.0400 4308        BTHUSB          (288c1f74e3e2eed6c7b54eb3aac70856) C:\Windows\system32\Drivers\BTHUSB.sys
21:31:36.0400 4308        BTHUSB - ok
21:31:36.0446 4308        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:31:36.0446 4308        cdfs - ok
21:31:36.0493 4308        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
21:31:36.0493 4308        cdrom - ok
21:31:36.0509 4308        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:31:36.0509 4308        circlass - ok
21:31:36.0540 4308        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
21:31:36.0540 4308        CLFS - ok
21:31:36.0634 4308        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:31:36.0634 4308        CmBatt - ok
21:31:36.0649 4308        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:31:36.0665 4308        cmdide - ok
21:31:36.0680 4308        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:31:36.0680 4308        Compbatt - ok
21:31:36.0696 4308        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:31:36.0696 4308        crcdisk - ok
21:31:36.0712 4308        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:31:36.0727 4308        Crusoe - ok
21:31:36.0790 4308        DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
21:31:36.0805 4308        DfsC - ok
21:31:36.0868 4308        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
21:31:36.0868 4308        disk - ok
21:31:36.0961 4308        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:31:36.0961 4308        drmkaud - ok
21:31:37.0008 4308        dtsoftbus01    (fb38473835476a6fb272215a1d972af9) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:31:37.0008 4308        dtsoftbus01 - ok
21:31:37.0055 4308        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
21:31:37.0055 4308        DXGKrnl - ok
21:31:37.0117 4308        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:31:37.0117 4308        E1G60 - ok
21:31:37.0164 4308        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
21:31:37.0164 4308        Ecache - ok
21:31:37.0195 4308        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:31:37.0195 4308        elxstor - ok
21:31:37.0226 4308        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:31:37.0226 4308        ErrDev - ok
21:31:37.0289 4308        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
21:31:37.0289 4308        exfat - ok
21:31:37.0336 4308        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
21:31:37.0351 4308        fastfat - ok
21:31:37.0398 4308        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:31:37.0398 4308        fdc - ok
21:31:37.0429 4308        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:31:37.0429 4308        FileInfo - ok
21:31:37.0476 4308        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:31:37.0476 4308        Filetrace - ok
21:31:37.0492 4308        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:31:37.0507 4308        flpydisk - ok
21:31:37.0523 4308        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
21:31:37.0538 4308        FltMgr - ok
21:31:37.0601 4308        FPSensor        (78c108c807afdc45d7867b96d01aa8f2) C:\Windows\system32\Drivers\FPSensor.sys
21:31:37.0601 4308        FPSensor - ok
21:31:37.0632 4308        FPWinIo        (4eff8408dd280f2468c39d0f4a2cec0d) C:\Windows\system32\DRIVERS\FPWinIo.sys
21:31:37.0632 4308        FPWinIo - ok
21:31:37.0632 4308        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:31:37.0648 4308        Fs_Rec - ok
21:31:37.0663 4308        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:31:37.0663 4308        gagp30kx - ok
21:31:37.0710 4308        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
21:31:37.0710 4308        hamachi - ok
21:31:37.0741 4308        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:31:37.0741 4308        HdAudAddService - ok
21:31:37.0757 4308        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:31:37.0757 4308        HDAudBus - ok
21:31:37.0788 4308        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:31:37.0788 4308        HidBth - ok
21:31:37.0804 4308        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:31:37.0804 4308        HidIr - ok
21:31:37.0819 4308        HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
21:31:37.0819 4308        HidUsb - ok
21:31:37.0882 4308        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:31:37.0882 4308        HpCISSs - ok
21:31:37.0944 4308        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
21:31:37.0960 4308        HTTP - ok
21:31:37.0960 4308        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:31:37.0960 4308        i2omp - ok
21:31:37.0991 4308        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:31:37.0991 4308        i8042prt - ok
21:31:38.0053 4308        iaStor          (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
21:31:38.0053 4308        iaStor - ok
21:31:38.0084 4308        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:31:38.0084 4308        iaStorV - ok
21:31:38.0131 4308        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:31:38.0131 4308        iirsp - ok
21:31:38.0178 4308        IntcAzAudAddService - ok
21:31:38.0194 4308        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:31:38.0194 4308        intelide - ok
21:31:38.0209 4308        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:31:38.0209 4308        intelppm - ok
21:31:38.0256 4308        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:31:38.0256 4308        IpFilterDriver - ok
21:31:38.0256 4308        IpInIp - ok
21:31:38.0287 4308        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:31:38.0287 4308        IPMIDRV - ok
21:31:38.0318 4308        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:31:38.0318 4308        IPNAT - ok
21:31:38.0334 4308        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:31:38.0350 4308        IRENUM - ok
21:31:38.0350 4308        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:31:38.0350 4308        isapnp - ok
21:31:38.0365 4308        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
21:31:38.0381 4308        iScsiPrt - ok
21:31:38.0396 4308        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:31:38.0396 4308        iteatapi - ok
21:31:38.0412 4308        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:31:38.0428 4308        iteraid - ok
21:31:38.0443 4308        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:31:38.0443 4308        kbdclass - ok
21:31:38.0459 4308        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
21:31:38.0459 4308        kbdhid - ok
21:31:38.0506 4308        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
21:31:38.0506 4308        KSecDD - ok
21:31:38.0537 4308        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:31:38.0537 4308        lltdio - ok
21:31:38.0599 4308        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:31:38.0599 4308        LSI_FC - ok
21:31:38.0615 4308        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:31:38.0630 4308        LSI_SAS - ok
21:31:38.0662 4308        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:31:38.0677 4308        LSI_SCSI - ok
21:31:38.0724 4308        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:31:38.0724 4308        luafv - ok
21:31:38.0755 4308        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:31:38.0771 4308        MBAMProtector - ok
21:31:38.0833 4308        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:31:38.0833 4308        megasas - ok
21:31:38.0911 4308        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:31:38.0911 4308        MegaSR - ok
21:31:38.0927 4308        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:31:38.0927 4308        Modem - ok
21:31:38.0974 4308        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:31:38.0974 4308        monitor - ok
21:31:38.0989 4308        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:31:38.0989 4308        mouclass - ok
21:31:39.0005 4308        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:31:39.0005 4308        mouhid - ok
21:31:39.0020 4308        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:31:39.0020 4308        MountMgr - ok
21:31:39.0052 4308        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:31:39.0052 4308        mpio - ok
21:31:39.0114 4308        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:31:39.0114 4308        mpsdrv - ok
21:31:39.0145 4308        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:31:39.0145 4308        Mraid35x - ok
21:31:39.0145 4308        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
21:31:39.0145 4308        MRxDAV - ok
21:31:39.0192 4308        mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:31:39.0192 4308        mrxsmb - ok
21:31:39.0223 4308        mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:31:39.0223 4308        mrxsmb10 - ok
21:31:39.0223 4308        mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:31:39.0223 4308        mrxsmb20 - ok
21:31:39.0301 4308        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
21:31:39.0301 4308        msahci - ok
21:31:39.0332 4308        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:31:39.0332 4308        msdsm - ok
21:31:39.0348 4308        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:31:39.0348 4308        Msfs - ok
21:31:39.0395 4308        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:31:39.0395 4308        msisadrv - ok
21:31:39.0426 4308        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:31:39.0426 4308        MSKSSRV - ok
21:31:39.0442 4308        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:31:39.0442 4308        MSPCLOCK - ok
21:31:39.0457 4308        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:31:39.0473 4308        MSPQM - ok
21:31:39.0488 4308        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
21:31:39.0488 4308        MsRPC - ok
21:31:39.0504 4308        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:31:39.0504 4308        mssmbios - ok
21:31:39.0520 4308        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:31:39.0520 4308        MSTEE - ok
21:31:39.0535 4308        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
21:31:39.0551 4308        Mup - ok
21:31:39.0582 4308        mwlPSDFilter    (62d3c8e2e75abd9fc3dee1b0e5b437e0) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:31:39.0582 4308        mwlPSDFilter - ok
21:31:39.0644 4308        mwlPSDNServ    (3963db3d50d60d17ce7a5eb7d4da2e7d) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:31:39.0644 4308        mwlPSDNServ - ok
21:31:39.0691 4308        mwlPSDVDisk    (c6de675ce2f2b6e4f78bf7e8187fc1ec) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:31:39.0691 4308        mwlPSDVDisk - ok
21:31:39.0738 4308        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
21:31:39.0738 4308        NativeWifiP - ok
21:31:39.0785 4308        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
21:31:39.0800 4308        NDIS - ok
21:31:39.0832 4308        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:31:39.0832 4308        NdisTapi - ok
21:31:39.0863 4308        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:31:39.0863 4308        Ndisuio - ok
21:31:39.0894 4308        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
21:31:39.0894 4308        NdisWan - ok
21:31:39.0956 4308        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:31:39.0956 4308        NDProxy - ok
21:31:40.0019 4308        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:31:40.0019 4308        NetBIOS - ok
21:31:40.0034 4308        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
21:31:40.0034 4308        netbt - ok
21:31:40.0206 4308        NETw5v32        (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
21:31:40.0253 4308        NETw5v32 - ok
21:31:40.0331 4308        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:31:40.0331 4308        nfrd960 - ok
21:31:40.0409 4308        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
21:31:40.0409 4308        Npfs - ok
21:31:40.0440 4308        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:31:40.0456 4308        nsiproxy - ok
21:31:40.0487 4308        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
21:31:40.0502 4308        Ntfs - ok
21:31:40.0534 4308        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:31:40.0549 4308        ntrigdigi - ok
21:31:40.0549 4308        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:31:40.0565 4308        Null - ok
21:31:40.0612 4308        NVHDA          (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys
21:31:40.0612 4308        NVHDA - ok
21:31:40.0939 4308        nvlddmkm        (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:31:41.0267 4308        nvlddmkm - ok
21:31:41.0360 4308        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:31:41.0360 4308        nvraid - ok
21:31:41.0392 4308        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:31:41.0392 4308        nvstor - ok
21:31:41.0407 4308        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:31:41.0407 4308        nv_agp - ok
21:31:41.0423 4308        NwlnkFlt - ok
21:31:41.0438 4308        NwlnkFwd - ok
21:31:41.0470 4308        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:31:41.0470 4308        ohci1394 - ok
21:31:41.0548 4308        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:31:41.0548 4308        Parport - ok
21:31:41.0563 4308        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
21:31:41.0579 4308        partmgr - ok
21:31:41.0594 4308        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:31:41.0594 4308        Parvdm - ok
21:31:41.0610 4308        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
21:31:41.0610 4308        pci - ok
21:31:41.0626 4308        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:31:41.0626 4308        pciide - ok
21:31:41.0641 4308        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:31:41.0657 4308        pcmcia - ok
21:31:41.0704 4308        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:31:41.0719 4308        PEAUTH - ok
21:31:41.0782 4308        PhilCap        (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys
21:31:41.0797 4308        PhilCap - ok
21:31:41.0875 4308        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:31:41.0875 4308        PptpMiniport - ok
21:31:41.0906 4308        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:31:41.0906 4308        Processor - ok
21:31:41.0969 4308        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
21:31:41.0969 4308        PSched - ok
21:31:42.0031 4308        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:31:42.0047 4308        ql2300 - ok
21:31:42.0062 4308        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:31:42.0078 4308        ql40xx - ok
21:31:42.0109 4308        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:31:42.0109 4308        QWAVEdrv - ok
21:31:42.0140 4308        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:31:42.0140 4308        RasAcd - ok
21:31:42.0187 4308        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:31:42.0187 4308        Rasl2tp - ok
21:31:42.0203 4308        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
21:31:42.0203 4308        RasPppoe - ok
21:31:42.0218 4308        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
21:31:42.0218 4308        RasSstp - ok
21:31:42.0250 4308        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
21:31:42.0250 4308        rdbss - ok
21:31:42.0250 4308        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:31:42.0250 4308        RDPCDD - ok
21:31:42.0281 4308        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:31:42.0296 4308        rdpdr - ok
21:31:42.0312 4308        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:31:42.0312 4308        RDPENCDD - ok
21:31:42.0328 4308        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
21:31:42.0343 4308        RDPWD - ok
21:31:42.0406 4308        RFCOMM          (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
21:31:42.0406 4308        RFCOMM - ok
21:31:42.0437 4308        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:31:42.0437 4308        rspndr - ok
21:31:42.0484 4308        RTL8169        (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:31:42.0484 4308        RTL8169 - ok
21:31:42.0546 4308        RTSTOR          (9ea88492b1dab90dce43a6f2c0e133bd) C:\Windows\system32\drivers\RTSTOR.SYS
21:31:42.0546 4308        RTSTOR - ok
21:31:42.0577 4308        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:31:42.0577 4308        sbp2port - ok
21:31:42.0624 4308        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:31:42.0640 4308        secdrv - ok
21:31:42.0686 4308        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:31:42.0686 4308        Serenum - ok
21:31:42.0718 4308        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:31:42.0718 4308        Serial - ok
21:31:42.0733 4308        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:31:42.0749 4308        sermouse - ok
21:31:42.0764 4308        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:31:42.0764 4308        sffdisk - ok
21:31:42.0780 4308        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:31:42.0780 4308        sffp_mmc - ok
21:31:42.0811 4308        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:31:42.0811 4308        sffp_sd - ok
21:31:42.0827 4308        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:31:42.0827 4308        sfloppy - ok
21:31:42.0842 4308        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:31:42.0858 4308        sisagp - ok
21:31:42.0952 4308        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:31:42.0952 4308        SiSRaid2 - ok
21:31:42.0967 4308        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:31:42.0967 4308        SiSRaid4 - ok
21:31:43.0014 4308        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
21:31:43.0014 4308        Smb - ok
21:31:43.0154 4308        SNP2UVC        (913d2ce973ed904fe54de9db38fceff2) C:\Windows\system32\DRIVERS\snp2uvc.sys
21:31:43.0170 4308        SNP2UVC - ok
21:31:43.0529 4308        SNPSTD3        (11bb0e11d42cc3a43d741d9b30839be1) C:\Windows\system32\DRIVERS\snpstd3.sys
21:31:43.0825 4308        SNPSTD3 - ok
21:31:46.0306 4308        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:31:46.0368 4308        \Device\Harddisk0\DR0 - ok
21:31:46.0368 4308        Boot (0x1200)  (8904967d3c55762ed00a378317c8f356) \Device\Harddisk0\DR0\Partition0
21:31:46.0368 4308        \Device\Harddisk0\DR0\Partition0 - ok
21:31:46.0399 4308        Boot (0x1200)  (8957560f233718f623a9d17568901752) \Device\Harddisk0\DR0\Partition1
21:31:46.0399 4308        \Device\Harddisk0\DR0\Partition1 - ok
21:31:46.0399 4308        ============================================================
21:31:46.0399 4308        Scan finished
21:31:46.0399 4308        ============================================================
21:31:46.0415 4224        Detected object count: 0
21:31:46.0415 4224        Actual detected object count: 0


Change 08.01.2012 00:47

According to the full scan there is nothing left on it, but that can't be right.
My browser is still acting up (both Firefox and Internet Explorer).

Some sites, e.g. Chip.de, don't load at all any more, as if they were offline, and amazon.de for example loads no graphics (plain text page layout, HTML).

This also affects other sites that are online according to friends.

Reinstalling Firefox didn't help.
If I enter hxxp://amazon.de, it is changed straight to www.amazon.de. It does that with every URL. That shouldn't be the case either; I suspect a change in the registry, but where?

Chris4You 08.01.2012 09:40

Hi,

You have several DHCP servers configured:
192.168.178.1
192.168.2.1

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:Files
ipconfig /flushdns /c

  • Click the red "Run Fixes!" button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Delete the deployment cache:
Follow the instructions on this page
Virus im Java-Cacheverzeichnis gefunden (virus found in the Java cache directory)
and then the section "Lösung" (solution)...

Download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe), start it and select the following options:
  • Internet Services
  • Windows Firewall
  • System Restore


Start it with "Scan".
The log file (FSS.txt) is created in the working directory.
Post the log here

chris

Change 08.01.2012 13:39

Hello, thank you very much.

1. OTL fix
I most certainly did not set up any DHCP servers ;)
Log, see below


2. Java
According to the instructions I should go to Settings > Control Panel > Java Plugin > Cache.
But I somehow can't find this; when I click Start > Control Panel > Java there is no tab called Cache. There is, however, "Temporary Internet Files"; clicking "View" opens the Java Cache Viewer, but it shows 0.0 KB.

I couldn't find anything comparable in the browser menu either.

3. Farbar scan
Carried out according to the instructions. Log, see below.

The HTTP error persists.
I also noticed that Skype, for example, no longer shows up in the tray at the bottom right.
After killing the process via Task Manager and restarting it, it shows up in the tray again... but not at Windows startup.
I'm slowly starting to think seriously about setting up the system from scratch again . . .

OTL fix log
Code:

========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Medion\Desktop\cmd.bat deleted successfully.
C:\Users\Medion\Desktop\cmd.txt deleted successfully.
 
OTL by OldTimer - Version 3.2.31.0 log created on 01082012_132727

Farbar log
Code:

Farbar Service Scanner
Ran by Medion (administrator) on 08-01-2012 at 13:35:53
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-21 03:24] - [2008-01-21 03:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-10-21 20:11] - [2011-04-21 14:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-10-21 20:09] - [2010-06-16 16:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-10-21 20:11] - [2011-03-02 15:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-21 03:24] - [2008-01-21 03:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-21 03:23] - [2008-01-21 03:23] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 03:23] - [2008-01-21 03:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-10-21 20:10] - [2009-03-03 05:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830


**** End of log ****


Change 08.01.2012 23:15

Update:

Because of all the errors I have now set up my operating system from scratch.

Thank you very much for your efforts! I now have one more question.

I packed the files that I don't need (about 350 MB) into an archive and uploaded it to an online drive.

When I download the files now I don't want to be infected again right away; how can I safely unpack the files and check them for infection?

Keyword sandbox? I've heard the term but have no experience/knowledge of using one.

Thank you very much

Change 09.01.2012 22:06

*I packed the files that I need ...

Chris4You 10.01.2012 07:25

Hi,

Sandboxie (http://filepony.de/download-sandboxie/).
I assume that you only backed up data; an infection is rather unlikely there... Just unpack them and, before you open a file, run the scanner over it...

You should start Firefox from within the sandbox...

chris
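One way to triage the unpacked backup before opening anything in it, as an added example that is not from the thread or from Chris4You: a PowerShell script that inventories the extracted folder with SHA256 hashes and flags files that are executables in disguise, so the flagged ones can be reviewed and scanned first. The folder and report paths are assumptions.

```powershell
# Added example (not from the thread). Walks an extracted backup folder,
# hashes every file and flags the ones worth a closer look before opening:
# real Windows executables (MZ/PE header) hiding behind a data extension,
# double extensions such as "foto.jpg.exe" (Explorer hides the last
# extension by default, so they look like pictures), and hidden files.
param(
    [string]$Folder = "C:\Restore\unpacked",       # assumed: where the archive was extracted
    [string]$Report = "C:\Restore\inventory.csv"   # assumed: where to write the inventory
)

$riskyExt  = '\.(exe|scr|com|pif|bat|cmd|vbs|vbe|js|jse|wsf|hta|lnk|dll|cpl)$'
$nativeExt = '\.(exe|dll|scr|com|cpl|sys|ocx)$'     # extensions where an MZ header is expected
$sha = [System.Security.Cryptography.SHA256]::Create()

$rows = foreach ($f in Get-ChildItem -Path $Folder -Recurse -File -Force) {
    $magic = New-Object byte[] 2
    $fs = [System.IO.File]::OpenRead($f.FullName)
    try {
        $n = $fs.Read($magic, 0, 2)       # first two bytes: 0x4D 0x5A = "MZ" = PE executable
        $fs.Position = 0
        $hash = ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally { $fs.Close() }
    $isPE = ($n -eq 2 -and $magic[0] -eq 0x4D -and $magic[1] -eq 0x5A)

    $flags = @()
    if ($f.Name -match $riskyExt) { $flags += 'executable-extension' }
    if ($isPE -and $f.Name -notmatch $nativeExt) { $flags += 'PE-with-data-extension' }
    if (($f.Name -split '\.').Count -gt 2 -and $f.Name -match $riskyExt) { $flags += 'double-extension' }
    if ($f.Attributes -band [System.IO.FileAttributes]::Hidden) { $flags += 'hidden' }

    [pscustomobject]@{
        Path   = $f.FullName
        Size   = $f.Length
        SHA256 = $hash
        Flags  = ($flags -join ';')
    }
}

# Full inventory to CSV (keep it: a later scan can be compared against it),
# flagged entries to the console for manual review and an on-demand AV scan.
$rows | Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8
$rows | Where-Object { $_.Flags } | Format-Table Path, Flags -AutoSize
```

Run it from the sandboxed account on the extracted folder only; a file in the flagged list is one to scan and, if it is supposed to be a document or picture, to discard rather than open.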


Copyright ©2000-2025, Trojaner-Board

