Trojaner-Board (https://www.trojaner-board.de/)
Thread: "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming" (https://www.trojaner-board.de/111304-trojan-spy-win32-zbot-dnei-c-users-default-default-pc-appdata-roaming.html)

infecteduser 12.03.2012 12:19

"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"
 
Hello.
I may have just picked up this Trojan.

Here is the sequence of events so far:

1.) Visited the (presumably) infected website (11:15)

2.) Windows Firewall reports that the file "piuzyng.exe" at the path C:\Users\Default.Default-PC\AppData\Roaming\oxqo\piuzyng.exe wants Internet access; I denied that.

3.) Checking the file with Avira gives no result; I upload it to virustotal.com, Kaspersky shows "Trojan-Spy.Win32.Zbot.dnei"

4.) Examining the .exe in question: the folder it sits in has the creation date 12.03.12 11:15, i.e. exactly when I was on the website...

5.) A process named "piuzyng.exe" is running in Task Manager; I end it immediately and delete the .exe using the Windows function

6.) Reset Windows via System Restore to 10.03.12

7.) After restarting the system, no suspicious process (that I can see) is running in Task Manager any more

8.) Did some research, downloaded the zbot killer from Kaspersky and ran it, but it finds nothing


I use Windows 7 64-bit and I was browsing with Opera.



My question: did I get away with a black eye once again, or were my (probably very amateurish) attempts to rescue my system for nothing, so that I can't avoid a reinstall?


I'd be very glad if someone could tell me and help me get my Windows virus-free again :-)


here is the virustotal link as well: https://www.virustotal.com/file/c43f95df511ab05bcc04bca1789857a2181d4b161dae129e12def4a849462e3e/analysis/1331547589/

Chris4You 12.03.2012 12:27

Hi,

it could be that it actually worked...

To be safe:

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop
  • Double-click OTL.exe
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version via:
http://filepony.de/download-chameleon/
Then please update the signature files ("Updates" tab -> "Check for updates")
Full scan and let it clean everything! Post the log.

chris
PS: Send me (PM here in the forum) the address where the thing is "lying around"...

markusg 12.03.2012 12:28

hi,
can you send me the link to the site?
as a private message?
edit:
chris was faster, but I'd still like the link :-)

infecteduser 12.03.2012 13:26

Here are the logs from OTL, Malwarebytes will follow shortly (note: in OTL.Txt I censored a few private files/folders with ***, but those were only pictures, Excel spreadsheets and the like)

OTL.Txt (OTL logfile):
Code:

OTL logfile created on: 12.03.2012 12:59:50 - Run 1
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\Default.Default-PC\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,43% Memory free
7,99 Gb Paging File | 6,30 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 224,40 Gb Free Space | 48,19% Space Free | Partition Type: NTFS
 
Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Default.Default-PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Advanced Wheel Mouse\wh_exec.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL ()
MOD - C:\Windows\DAODx.exe ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Advanced Wheel Mouse\wh_exec.exe ()
MOD - C:\Advanced Wheel Mouse\wh_hook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (whfltr2k) -- C:\Windows\SysNative\drivers\whfltr2k.sys ()
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 0A B6 4D B6 FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "heise.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.3rc4
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.22
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5
FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.4
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.6.0.1
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 23:16:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.25 11:17:15 | 000,000,000 | ---D | M]
 
[2010.09.18 18:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
[2012.03.09 09:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions
[2012.03.01 21:16:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.01.24 19:56:43 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\firefox@ghostery.com
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2011.07.03 19:38:05 | 000,002,057 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i480jrob.default\searchplugins\youtube-videosuche.xml
[2011.11.09 00:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\LONGURLPLEASE@DARRAGH.CURRAN.XPI
[2012.02.18 23:16:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.18 20:48:28 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.20 17:14:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.23 22:14:20 | 000,001,148 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCF6CA10-59B3-4B67-ADC3-7891F1F803D9}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dd2fb463-c338-11df-b5e2-afea685bf08f}\Shell - "" = AutoRun
O33 - MountPoints2\{dd2fb463-c338-11df-b5e2-afea685bf08f}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.12 12:58:27 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2012.03.12 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\Hegu
[2012.03.07 20:26:08 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.05 16:42:55 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.04 12:31:54 | 001,019,904 | ---- | C] (www.byphry.de.vu) -- C:\Users\Default.Default-PC\Desktop\ThumbsDbExtractor.exe
[2012.03.04 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\***
[2012.03.04 12:23:55 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.24 17:48:31 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.02.24 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.02.23 22:06:25 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.20 23:48:17 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.20 12:23:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.19 00:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\***
[2012.02.19 00:34:28 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.02.18 16:10:52 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.15 22:25:32 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 22:25:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 22:25:31 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.15 22:25:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 22:25:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.15 22:25:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 22:25:29 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.15 22:25:29 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.15 22:25:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.15 22:25:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.15 22:25:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 14:22:05 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.12 11:43:43 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\My Documents
[2012.02.11 20:07:44 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.11 19:22:10 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.12 12:58:29 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2012.03.12 12:09:48 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.12 12:09:48 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.12 12:09:48 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.12 12:09:48 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.12 12:09:48 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.12 12:05:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 12:05:29 | 3219,771,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.12 12:04:07 | 000,000,020 | ---- | M] () -- C:\Users\Default.Default-PC\***
[2012.03.12 12:03:32 | 000,050,477 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.12 11:42:18 | 000,101,329 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\zbotkiller.zip
[2012.03.09 22:25:56 | 138,989,256 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\FUSSM2PEWD2TPMF.rar
[2012.03.09 21:34:48 | 000,001,514 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:37 | 000,764,358 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_6868.jpg
[2012.03.09 21:28:33 | 001,323,217 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_6795.jpg
[2012.03.09 21:28:26 | 001,554,039 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_6614.jpg
[2012.03.09 16:47:51 | 000,002,190 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 09:32:42 | 000,057,963 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.06 23:41:53 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 23:41:52 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.04 12:31:58 | 001,019,904 | ---- | M] (www.byphry.de.vu) -- C:\Users\Default.Default-PC\Desktop\ThumbsDbExtractor.exe
[2012.03.04 12:25:19 | 000,001,422 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.28 21:21:30 | 000,311,514 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.23 18:03:17 | 000,001,800 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.02.18 15:35:33 | 004,845,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 20:22:31 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 12:04:06 | 000,000,020 | ---- | C] () -- C:\Users\Default.Default-PC\***
[2012.03.12 12:03:31 | 000,050,477 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.12 11:42:18 | 000,101,329 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\zbotkiller.zip
[2012.03.09 21:34:48 | 000,001,514 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:33:38 | 138,989,256 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:36 | 000,764,358 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:31 | 001,323,217 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:24 | 001,554,039 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 16:47:50 | 000,002,190 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 09:32:41 | 000,057,963 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.04 12:24:40 | 000,001,422 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.04 12:24:07 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2012.02.28 21:22:19 | 000,311,514 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.01.12 17:29:19 | 000,001,800 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.01.01 12:36:35 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.28 15:09:33 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\conquests.ini
[2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.10 15:01:41 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.03 20:12:21 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.26 16:01:19 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\prospeed_bmp2jpg.dll
[2010.12.20 20:07:47 | 000,000,004 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\steam_md4.dat
[2010.10.31 20:02:06 | 000,000,156 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\burnaware.ini
[2010.10.31 19:42:21 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2010.10.06 14:42:38 | 000,005,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.02 14:30:59 | 000,007,609 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Resmon.ResmonCfg
[2010.09.24 14:17:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.09.18 19:50:49 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.09.18 19:50:49 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.09.18 19:50:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.09.18 19:50:46 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.09.18 19:49:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.09.18 19:49:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.09.18 18:29:24 | 000,000,760 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\setup_ldm.iss

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 12.03.2012 12:59:50 - Run 1
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\Default.Default-PC\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,43% Memory free
7,99 Gb Paging File | 6,30 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 224,40 Gb Free Space | 48,19% Space Free | Partition Type: NTFS
 
Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8019A54F-530F-84C2-24DD-1C9F53257F7C}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"ffdshow64_is1" = ffdshow x64 v1.1.3572 [2010-09-13]
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Sandboxie" = Sandboxie 3.62 (64-bit)
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.1.0.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6103-4188-8184-5707" = RapidShare Manager 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 1.6.0
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.50
"AirlineTycoon2_is1" = Airline Tycoon 2 v1.01
"Album Art Downloader XUI" = Album Art Downloader XUI 0.37
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Blur(TM)_is1" = Blur(TM)
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy Avi/Divx/Xvid to DVD Burner_is1" = Easy Avi/Divx/Xvid to DVD Burner 2.8.0
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"foobar2000" = foobar2000 v1.1.1
"FormatFactory" = FormatFactory 2.80
"Foxit Reader" = Foxit Reader
"Gaming Mouse" = Gaming Mouse
"Griffith_is1" = Griffith 0.12.1
"Homefront_is1" = Homefront
"Image Grabber II" = Image Grabber II
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"LeechFTP" = LeechFTP
"Mafia II_is1" = Mafia II
"ManyCam" = ManyCam 2.5.74 (remove only)
"mIRC" = mIRC
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mp3tag" = Mp3tag v2.47b
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"MyMDb_0" = MyMDb 3.6
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.61.1250" = Opera 11.61
"qutIM" = qutIM 0.2.0
"RouterControl" = RouterControl 2.0
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TIPP10_is1" = TIPP10 Version 2.0.3
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.11
"WheelMouse" = Advanced Wheel Mouse 6.0.0.002
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.5.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fbaaf7d101824206" = RoboGUI
"QIP 2010" = QIP 2010 10.10.11.4237
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---
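As an added example (not code from the thread, and not part of OTL), a small Python parser for the `[date | size | flags | C/M] (company) -- path` entries in the OTL logs above; it then lists the entries that appeared within a window after a suspected incident time, with executables under a user's AppData listed first, which is the pattern a helper looks for when reviewing such a log. The sample log mixes lines from the posted log with constructed entries, and the incident time used is a constructed value.

```python
"""Parse OTL 'Files Created / Modified' entries and triage the ones that
appeared around a suspected incident time.

Added example for this thread; not OTL code and not code posted in the
thread. The sample log below mixes real entries from the posted log with
constructed entries (marked as such)."""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple

# One OTL file entry, e.g.
# [2012.03.12 11:42:18 | 000,101,329 | ---- | C] () -- C:\Users\...\zbotkiller.zip
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<flags>.{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
OTL_TIME_FORMAT = "%Y.%m.%d %H:%M:%S"
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


class OtlEntry(NamedTuple):
    timestamp: datetime
    size: int       # bytes
    flags: str      # OTL attribute column, e.g. '----' or '-H--'
    kind: str       # 'C' = created, 'M' = modified
    company: str    # empty when the file carries no company name
    path: str


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Return every file entry in an OTL log section. Section headers,
    the '*.tmp files' summary line and '< End of report >' are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], OTL_TIME_FORMAT),
            size=int(m["size"].replace(",", "")),
            flags=m["flags"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"],
        ))
    return entries


def is_user_profile_executable(entry: OtlEntry) -> bool:
    """An executable under a user's AppData with no company name: the
    kind of drop a helper checks first in a 'No Company Name' section."""
    lower = entry.path.lower()
    return ("\\users\\" in lower
            and "\\appdata\\" in lower
            and lower.endswith(EXECUTABLE_EXT)
            and entry.company == "")


def entries_near(entries: List[OtlEntry], incident: datetime,
                 window: timedelta) -> List[OtlEntry]:
    """Entries timestamped between `incident` and `incident + window`."""
    return [e for e in entries if incident <= e.timestamp <= incident + window]


def triage(text: str, incident: str, window_minutes: int = 30) -> List[OtlEntry]:
    """Entries near the incident time (given in OTL's own 'YYYY.MM.DD HH:MM:SS'
    format), AppData executables first, then oldest first."""
    when = datetime.strptime(incident, OTL_TIME_FORMAT)
    near = entries_near(parse_otl_entries(text), when, timedelta(minutes=window_minutes))
    return sorted(near, key=lambda e: (not is_user_profile_executable(e), e.timestamp))


# Constructed sample: the first, second and last entries are from the posted
# log; the 'abcd\sample.exe' entry is constructed to stand in for a dropper.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2012.03.12 12:04:06 | 000,000,020 | ---- | C] () -- C:\Users\Default.Default-PC\***
[2012.03.12 11:42:18 | 000,101,329 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\zbotkiller.zip
[2012.03.12 11:15:04 | 000,198,144 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\abcd\sample.exe
[2012.03.09 21:33:38 | 138,989,256 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< End of report >
"""

if __name__ == "__main__":
    # Constructed incident time: 30-minute window starting 11:15 that day.
    for e in triage(SAMPLE_LOG, "2012.03.12 11:15:00"):
        marker = "!!" if is_user_profile_executable(e) else "  "
        print(f"{marker} {e.timestamp} {e.kind} {e.size:>11} {e.path}")
```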

Chris4You 12.03.2012 14:44

Hi,

looks fine so far, run MAM as well and post the log...
One small thing:


Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris

infecteduser 12.03.2012 14:54

ok thanks, I'll do that right away, I have to run Malwarebytes a second time, after the first run it restarted my Windows and there was no log anymore :/

Chris4You 12.03.2012 14:59

Hi,

start MAM and have a look at the "Logdateien" tab, post the corresponding LOG...

Afterwards we will also check the MBR and check for TDSS..

chris

infecteduser 12.03.2012 15:05

so should I cancel the scan I have started?

Chris4You 12.03.2012 15:23

Hi,

no, let it run and then just post it under logs...

Later then:
TDSS-Killer
Download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family?
Unpack all files into a dedicated directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Then start the scan (Start Scan).
When the scan has finished, please select "Report" (skip any findings for now with Skip). A window opens; copy the text and post it here...

aswMBR
Download aswMBR.exe from http://filepony.de/download-aswmbr/ and save it to the Desktop.
  • Double-click aswMBR.exe.
  • Click the Scan button
  • The boot sectors (MBR) etc. are now being examined.....
  • Save the log and post it in the thread

chris

infecteduser 12.03.2012 15:59

so here are all the scans:

Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Default :: DEFAULT-PC [Administrator]

Schutz: Aktiviert

12.03.2012 14:43:41
mbam-log-2012-03-12 (14-43-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441644
Laufzeit: 1 Stunde(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


OTL:

Code:


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default.Default-PC
->Temp folder emptied: 263326818 bytes
->Temporary Internet Files folder emptied: 188410584 bytes
->Java cache emptied: 52193042 bytes
->FireFox cache emptied: 130617503 bytes
->Opera cache emptied: 11358255 bytes
->Flash cache emptied: 470 bytes
 
User: DEFAUL~1~DEF
->Temp folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107105487 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 718,00 mb
 
 
OTL by OldTimer - Version 3.2.36.3 log created on 03122012_154650

Files\Folders moved on Reboot...
C:\Users\Default.Default-PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


tdsskiller:
Code:


15:57:12.0473 1348        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
15:57:12.0753 1348        ============================================================
15:57:12.0753 1348        Current date / time: 2012/03/12 15:57:12.0753
15:57:12.0753 1348        SystemInfo:
15:57:12.0753 1348       
15:57:12.0753 1348        OS Version: 6.1.7600 ServicePack: 0.0
15:57:12.0753 1348        Product type: Workstation
15:57:12.0753 1348        ComputerName: DEFAULT-PC
15:57:12.0753 1348        UserName: Default
15:57:12.0753 1348        Windows directory: C:\Windows
15:57:12.0753 1348        System windows directory: C:\Windows
15:57:12.0753 1348        Running under WOW64
15:57:12.0753 1348        Processor architecture: Intel x64
15:57:12.0753 1348        Number of processors: 4
15:57:12.0753 1348        Page size: 0x1000
15:57:12.0753 1348        Boot type: Normal boot
15:57:12.0753 1348        ============================================================
15:57:14.0625 1348        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:14.0625 1348        Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:14.0625 1348        Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:14.0625 1348        \Device\Harddisk0\DR0:
15:57:14.0625 1348        MBR used
15:57:14.0625 1348        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:57:14.0625 1348        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
15:57:14.0625 1348        \Device\Harddisk1\DR1:
15:57:14.0625 1348        GPT used
15:57:14.0625 1348        \Device\Harddisk1\DR1\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {243D31A8-A48C-4488-A2A9-EAC517EBF326}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
15:57:14.0625 1348        \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5F7A2127-5DA3-4181-BE49-AE41CA5998D1}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
15:57:14.0625 1348        \Device\Harddisk2\DR2:
15:57:14.0625 1348        MBR used
15:57:14.0625 1348        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E08000
15:57:14.0641 1348        Initialize success
15:57:14.0641 1348        ============================================================
15:57:28.0166 1584        ============================================================
15:57:28.0166 1584        Scan started
15:57:28.0166 1584        Mode: Manual; SigCheck; TDLFS;
15:57:28.0166 1584        ============================================================
15:57:28.0712 1584        1394ohci - ok
15:57:28.0728 1584        ACPI - ok
15:57:28.0728 1584        AcpiPmi - ok
15:57:28.0728 1584        adp94xx - ok
15:57:28.0743 1584        adpahci - ok
15:57:28.0743 1584        adpu320 - ok
15:57:28.0775 1584        AFD - ok
15:57:28.0775 1584        agp440 - ok
15:57:28.0775 1584        aliide - ok
15:57:28.0790 1584        amdide - ok
15:57:28.0790 1584        AmdK8 - ok
15:57:28.0790 1584        AmdPPM - ok
15:57:28.0790 1584        amdsata - ok
15:57:28.0790 1584        amdsbs - ok
15:57:28.0806 1584        amdxata - ok
15:57:28.0821 1584        androidusb - ok
15:57:28.0837 1584        AppID - ok
15:57:28.0853 1584        arc - ok
15:57:28.0853 1584        arcsas - ok
15:57:28.0853 1584        AsIO - ok
15:57:28.0868 1584        AsyncMac - ok
15:57:28.0868 1584        atapi - ok
15:57:28.0884 1584        AtiPcie - ok
15:57:28.0899 1584        avgntflt - ok
15:57:28.0915 1584        avipbb - ok
15:57:28.0915 1584        avkmgr - ok
15:57:28.0915 1584        avmeject - ok
15:57:28.0931 1584        b06bdrv - ok
15:57:28.0931 1584        b57nd60a - ok
15:57:28.0931 1584        Beep - ok
15:57:28.0946 1584        blbdrive - ok
15:57:28.0946 1584        bowser - ok
15:57:28.0946 1584        BrFiltLo - ok
15:57:28.0946 1584        BrFiltUp - ok
15:57:28.0962 1584        Brserid - ok
15:57:28.0962 1584        BrSerWdm - ok
15:57:28.0962 1584        BrUsbMdm - ok
15:57:28.0962 1584        BrUsbSer - ok
15:57:28.0962 1584        BTHMODEM - ok
15:57:28.0977 1584        cdfs - ok
15:57:28.0977 1584        cdrom - ok
15:57:28.0993 1584        circlass - ok
15:57:28.0993 1584        CLFS - ok
15:57:28.0993 1584        CmBatt - ok
15:57:29.0009 1584        cmdide - ok
15:57:29.0009 1584        CNG - ok
15:57:29.0009 1584        Compbatt - ok
15:57:29.0009 1584        CompositeBus - ok
15:57:29.0024 1584        crcdisk - ok
15:57:29.0024 1584        CSC - ok
15:57:29.0040 1584        DfsC - ok
15:57:29.0040 1584        discache - ok
15:57:29.0040 1584        Disk - ok
15:57:29.0055 1584        drmkaud - ok
15:57:29.0055 1584        DXGKrnl - ok
15:57:29.0055 1584        ebdrv - ok
15:57:29.0071 1584        elxstor - ok
15:57:29.0071 1584        ErrDev - ok
15:57:29.0071 1584        exfat - ok
15:57:29.0071 1584        fastfat - ok
15:57:29.0087 1584        fdc - ok
15:57:29.0102 1584        FileInfo - ok
15:57:29.0102 1584        Filetrace - ok
15:57:29.0102 1584        flpydisk - ok
15:57:29.0118 1584        FltMgr - ok
15:57:29.0149 1584        FsDepends - ok
15:57:29.0149 1584        Fs_Rec - ok
15:57:29.0149 1584        fvevol - ok
15:57:29.0149 1584        fwlanusbn - ok
15:57:29.0149 1584        gagp30kx - ok
15:57:29.0165 1584        GMSIPCI - ok
15:57:29.0165 1584        hcw85cir - ok
15:57:29.0165 1584        HdAudAddService - ok
15:57:29.0165 1584        HDAudBus - ok
15:57:29.0180 1584        HidBatt - ok
15:57:29.0180 1584        HidBth - ok
15:57:29.0180 1584        HidIr - ok
15:57:29.0180 1584        HidUsb - ok
15:57:29.0196 1584        HpSAMD - ok
15:57:29.0196 1584        HTTP - ok
15:57:29.0196 1584        hwpolicy - ok
15:57:29.0196 1584        i8042prt - ok
15:57:29.0211 1584        iaStorV - ok
15:57:29.0211 1584        iirsp - ok
15:57:29.0211 1584        intelide - ok
15:57:29.0227 1584        intelppm - ok
15:57:29.0227 1584        IpFilterDriver - ok
15:57:29.0227 1584        IPMIDRV - ok
15:57:29.0227 1584        IPNAT - ok
15:57:29.0243 1584        IRENUM - ok
15:57:29.0243 1584        isapnp - ok
15:57:29.0243 1584        iScsiPrt - ok
15:57:29.0243 1584        kbdclass - ok
15:57:29.0243 1584        kbdhid - ok
15:57:29.0258 1584        KSecDD - ok
15:57:29.0258 1584        KSecPkg - ok
15:57:29.0258 1584        ksthunk - ok
15:57:29.0289 1584        LHidFilt - ok
15:57:29.0289 1584        lltdio - ok
15:57:29.0289 1584        LSI_FC - ok
15:57:29.0305 1584        LSI_SAS - ok
15:57:29.0305 1584        LSI_SAS2 - ok
15:57:29.0305 1584        LSI_SCSI - ok
15:57:29.0305 1584        luafv - ok
15:57:29.0305 1584        LUsbFilt - ok
15:57:29.0321 1584        MBAMProtector - ok
15:57:29.0336 1584        megasas - ok
15:57:29.0336 1584        MegaSR - ok
15:57:29.0336 1584        Modem - ok
15:57:29.0352 1584        monitor - ok
15:57:29.0352 1584        mouclass - ok
15:57:29.0352 1584        mouhid - ok
15:57:29.0352 1584        mountmgr - ok
15:57:29.0352 1584        mpio - ok
15:57:29.0367 1584        mpsdrv - ok
15:57:29.0367 1584        MRxDAV - ok
15:57:29.0367 1584        mrxsmb - ok
15:57:29.0367 1584        mrxsmb10 - ok
15:57:29.0383 1584        mrxsmb20 - ok
15:57:29.0383 1584        msahci - ok
15:57:29.0383 1584        msdsm - ok
15:57:29.0383 1584        Msfs - ok
15:57:29.0399 1584        mshidkmdf - ok
15:57:29.0399 1584        msisadrv - ok
15:57:29.0399 1584        MSKSSRV - ok
15:57:29.0399 1584        MSPCLOCK - ok
15:57:29.0414 1584        MSPQM - ok
15:57:29.0414 1584        MsRPC - ok
15:57:29.0414 1584        mssmbios - ok
15:57:29.0414 1584        MSTEE - ok
15:57:29.0430 1584        MTConfig - ok
15:57:29.0430 1584        MTsensor - ok
15:57:29.0430 1584        Mup - ok
15:57:29.0430 1584        NativeWifiP - ok
15:57:29.0445 1584        NDIS - ok
15:57:29.0445 1584        NdisCap - ok
15:57:29.0445 1584        NdisTapi - ok
15:57:29.0445 1584        Ndisuio - ok
15:57:29.0445 1584        NdisWan - ok
15:57:29.0461 1584        NDProxy - ok
15:57:29.0461 1584        NetBIOS - ok
15:57:29.0461 1584        NetBT - ok
15:57:29.0477 1584        nfrd960 - ok
15:57:29.0477 1584        Npfs - ok
15:57:29.0492 1584        nsiproxy - ok
15:57:29.0492 1584        Ntfs - ok
15:57:29.0492 1584        Null - ok
15:57:29.0508 1584        nusb3hub - ok
15:57:29.0508 1584        nusb3xhc - ok
15:57:29.0523 1584        NVHDA - ok
15:57:29.0523 1584        nvlddmkm - ok
15:57:29.0523 1584        nvraid - ok
15:57:29.0523 1584        nvstor - ok
15:57:29.0539 1584        nv_agp - ok
15:57:29.0539 1584        ohci1394 - ok
15:57:29.0555 1584        Parport - ok
15:57:29.0555 1584        partmgr - ok
15:57:29.0555 1584        pci - ok
15:57:29.0555 1584        pciide - ok
15:57:29.0570 1584        pcmcia - ok
15:57:29.0570 1584        pcw - ok
15:57:29.0570 1584        PEAUTH - ok
15:57:29.0586 1584        PptpMiniport - ok
15:57:29.0601 1584        Processor - ok
15:57:29.0601 1584        Psched - ok
15:57:29.0601 1584        ql2300 - ok
15:57:29.0617 1584        ql40xx - ok
15:57:29.0617 1584        QWAVEdrv - ok
15:57:29.0617 1584        RasAcd - ok
15:57:29.0617 1584        RasAgileVpn - ok
15:57:29.0633 1584        Rasl2tp - ok
15:57:29.0633 1584        RasPppoe - ok
15:57:29.0633 1584        RasSstp - ok
15:57:29.0633 1584        rdbss - ok
15:57:29.0648 1584        rdpbus - ok
15:57:29.0648 1584        RDPCDD - ok
15:57:29.0648 1584        RDPDR - ok
15:57:29.0648 1584        RDPENCDD - ok
15:57:29.0664 1584        RDPREFMP - ok
15:57:29.0664 1584        RDPWD - ok
15:57:29.0664 1584        rdyboost - ok
15:57:29.0679 1584        rspndr - ok
15:57:29.0695 1584        RTL8167 - ok
15:57:29.0695 1584        s0016bus - ok
15:57:29.0695 1584        s0016mdfl - ok
15:57:29.0695 1584        s0016mdm - ok
15:57:29.0695 1584        s0016mgmt - ok
15:57:29.0711 1584        s0016nd5 - ok
15:57:29.0711 1584        s0016obex - ok
15:57:29.0711 1584        s0016unic - ok
15:57:29.0711 1584        s3cap - ok
15:57:29.0726 1584        SbieDrv - ok
15:57:29.0726 1584        sbp2port - ok
15:57:29.0726 1584        scfilter - ok
15:57:29.0742 1584        secdrv - ok
15:57:29.0742 1584        Serenum - ok
15:57:29.0757 1584        Serial - ok
15:57:29.0757 1584        sermouse - ok
15:57:29.0757 1584        sffdisk - ok
15:57:29.0773 1584        sffp_mmc - ok
15:57:29.0773 1584        sffp_sd - ok
15:57:29.0773 1584        sfloppy - ok
15:57:29.0773 1584        SiSRaid2 - ok
15:57:29.0789 1584        SiSRaid4 - ok
15:57:29.0789 1584        Smb - ok
15:57:29.0789 1584        speedfan - ok
15:57:29.0789 1584        spldr - ok
15:57:29.0820 1584        sptd - ok
15:57:29.0820 1584        srv - ok
15:57:29.0820 1584        srv2 - ok
15:57:29.0820 1584        srvnet - ok
15:57:29.0913 1584        ssadbus - ok
15:57:29.0929 1584        ssadmdfl - ok
15:57:29.0945 1584        ssadmdm - ok
15:57:29.0945 1584        sscdbus - ok
15:57:29.0976 1584        sscdmdfl - ok
15:57:29.0976 1584        sscdmdm - ok
15:57:29.0991 1584        stexstor - ok
15:57:30.0007 1584        storflt - ok
15:57:30.0007 1584        storvsc - ok
15:57:30.0007 1584        swenum - ok
15:57:30.0023 1584        tap0901 - ok
15:57:30.0038 1584        Tcpip - ok
15:57:30.0038 1584        TCPIP6 - ok
15:57:30.0038 1584        tcpipreg - ok
15:57:30.0054 1584        TDPIPE - ok
15:57:30.0054 1584        TDTCP - ok
15:57:30.0054 1584        tdx - ok
15:57:30.0069 1584        TermDD - ok
15:57:30.0069 1584        truecrypt - ok
15:57:30.0085 1584        tssecsrv - ok
15:57:30.0085 1584        tunnel - ok
15:57:30.0101 1584        uagp35 - ok
15:57:30.0101 1584        udfs - ok
15:57:30.0101 1584        uliagpkx - ok
15:57:30.0101 1584        umbus - ok
15:57:30.0116 1584        UmPass - ok
15:57:30.0147 1584        usbaudio - ok
15:57:30.0147 1584        usbccgp - ok
15:57:30.0163 1584        usbcir - ok
15:57:30.0163 1584        usbehci - ok
15:57:30.0163 1584        usbfilter - ok
15:57:30.0179 1584        usbhub - ok
15:57:30.0179 1584        usbohci - ok
15:57:30.0179 1584        usbprint - ok
15:57:30.0179 1584        USBSTOR - ok
15:57:30.0179 1584        usbuhci - ok
15:57:30.0194 1584        usbvideo - ok
15:57:30.0194 1584        vdrvroot - ok
15:57:30.0194 1584        vga - ok
15:57:30.0210 1584        VgaSave - ok
15:57:30.0210 1584        vhdmp - ok
15:57:30.0210 1584        VIAHdAudAddService - ok
15:57:30.0210 1584        viaide - ok
15:57:30.0225 1584        vmbus - ok
15:57:30.0225 1584        VMBusHID - ok
15:57:30.0225 1584        volmgr - ok
15:57:30.0225 1584        volmgrx - ok
15:57:30.0225 1584        volsnap - ok
15:57:30.0241 1584        vsmraid - ok
15:57:30.0241 1584        vwifibus - ok
15:57:30.0241 1584        WacomPen - ok
15:57:30.0241 1584        WANARP - ok
15:57:30.0257 1584        Wanarpv6 - ok
15:57:30.0257 1584        Wd - ok
15:57:30.0272 1584        Wdf01000 - ok
15:57:30.0288 1584        WfpLwf - ok
15:57:30.0288 1584        whfltr2k - ok
15:57:30.0288 1584        WIMMount - ok
15:57:30.0303 1584        WinUsb - ok
15:57:30.0303 1584        WmiAcpi - ok
15:57:30.0319 1584        ws2ifsl - ok
15:57:30.0335 1584        WudfPf - ok
15:57:30.0335 1584        WUDFRd - ok
15:57:30.0350 1584        MBR (0x1B8)    (9c58313c5dda6d94904a3d60ad87b6bb) \Device\Harddisk0\DR0
15:57:30.0615 1584        \Device\Harddisk0\DR0 - ok
15:57:30.0631 1584        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
15:57:30.0771 1584        \Device\Harddisk1\DR1 - ok
15:57:30.0771 1584        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
15:57:31.0395 1584        \Device\Harddisk2\DR2 - ok
15:57:31.0427 1584        Boot (0x1200)  (01e8b4a1190ce473cbd1a4fc821982b2) \Device\Harddisk0\DR0\Partition0
15:57:31.0427 1584        \Device\Harddisk0\DR0\Partition0 - ok
15:57:31.0442 1584        Boot (0x1200)  (3a4a50e3678c1f5d005c66d9a8a9e3e0) \Device\Harddisk0\DR0\Partition1
15:57:31.0442 1584        \Device\Harddisk0\DR0\Partition1 - ok
15:57:31.0442 1584        Boot (0x1200)  (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk1\DR1\Partition0
15:57:31.0442 1584        \Device\Harddisk1\DR1\Partition0 - ok
15:57:31.0458 1584        Boot (0x1200)  (fbbb329176e2d72a4e4b064594771fae) \Device\Harddisk1\DR1\Partition1
15:57:31.0458 1584        \Device\Harddisk1\DR1\Partition1 - ok
15:57:31.0458 1584        Boot (0x1200)  (04c170b5072e296d806ad0b0435f8fce) \Device\Harddisk2\DR2\Partition0
15:57:31.0458 1584        \Device\Harddisk2\DR2\Partition0 - ok
15:57:31.0458 1584        ============================================================
15:57:31.0458 1584        Scan finished
15:57:31.0458 1584        ============================================================
15:57:31.0473 3700        Detected object count: 0
15:57:31.0473 3700        Actual detected object count: 0


aswMBR:

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 16:07:06
-----------------------------
16:07:06.546    OS Version: Windows x64 6.1.7600
16:07:06.546    Number of processors: 4 586 0x403
16:07:06.546    ComputerName: DEFAULT-PC  UserName: Default
16:07:07.466    Initialize success
16:07:23.058    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:07:23.058    Disk 0 Vendor: WDC_WD5000AAKS-007AA0 05.01D05 Size: 476940MB BusType: 3
16:07:23.073    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
16:07:23.073    Disk 1 Vendor: ST32000542AS CC37 Size: 1907729MB BusType: 3
16:07:23.089    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-6
16:07:23.089    Disk 2 Vendor: WDC_WD2001FASS-00W2B0 05.01D05 Size: 1907729MB BusType: 3
16:07:23.104    Disk 0 MBR read successfully
16:07:23.104    Disk 0 MBR scan
16:07:23.104    Disk 0 unknown MBR code
16:07:23.104    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS              100 MB offset 2048
16:07:23.120    Disk 0 Partition 2 00    07    HPFS/NTFS            476838 MB offset 206848
16:07:23.120    Disk 0 scanning C:\Windows\system32\drivers
16:07:23.120    Service scanning
16:07:25.990    Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
16:07:33.338    Modules scanning
16:07:33.354    Disk 0 trace - called modules:
16:07:33.369    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:07:33.385    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a28790]
16:07:33.385    3 CLASSPNP.SYS[fffff880018bd43f] -> nt!IofCallDriver -> [0xfffffa80048f69b0]
16:07:33.400    5 ACPI.sys[fffff88000f5f781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049a6060]
16:07:33.400    Scan finished successfully
16:07:42.324    Disk 0 MBR has been saved successfully to "C:\Users\Default.Default-PC\Desktop\MBR.dat"
16:07:42.339    The log file has been saved successfully to "C:\Users\Default.Default-PC\Desktop\aswMBR.txt"

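Both tools above look at the raw MBR of every disk: TDSSKiller prints a 32-hex-digit hash labelled "MBR (0x1B8)" per disk, and aswMBR lists the partition table, reports "Disk 0 unknown MBR code" and saves Disk 0's sector to MBR.dat. The script below is an added example, not part of the original thread and not code from TDSSKiller or aswMBR. It parses such a 512-byte dump, lists the partition entries the way the logs do, and hashes the first 0x1B8 bytes (the boot code before the 4-byte disk signature) so the value can be compared against a dump taken from a known-clean system. It assumes, without confirmation from the page, that TDSSKiller's value is an MD5 over exactly that region. The sample sector it builds is constructed: zeroed boot code, a made-up disk signature, and one partition entry with the values the TDSSKiller log shows for \Device\Harddisk2\DR2\Partition0 (type 0x7, StartLBA 0x800, BlocksNum 0xE8E08000).

```python
"""Parse a raw MBR sector and hash its boot-code region.

Added example (not from the thread, TDSSKiller or aswMBR). Assumes the
"MBR (0x1B8)" value in the TDSSKiller log is an MD5 over the first 0x1B8
(440) bytes of the sector, i.e. the boot code before the disk signature.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # bytes hashed: boot code, before the disk signature
DISK_SIG_OFFSET = 0x1B8    # 4-byte NT disk signature
PTABLE_OFFSET = 0x1BE      # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, start LBA, sector count
BOOT_SIG_OFFSET = 0x1FE    # 0x55 0xAA


def boot_code_md5(sector: bytes) -> str:
    """MD5 of the first 0x1B8 bytes; compare against a known-good dump of the same disk."""
    return hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()


def parse_mbr(sector: bytes) -> dict:
    """Return the disk signature, boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature; not an MBR sector")
    partitions = []
    for index in range(4):
        status, _chs_start, ptype, _chs_end, start_lba, blocks = struct.unpack_from(
            ENTRY_FMT, sector, PTABLE_OFFSET + index * struct.calcsize(ENTRY_FMT))
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,   # aswMBR shows this as "80 (A)"
            "type": ptype,                # 0x07 = HPFS/NTFS in the logs
            "start_lba": start_lba,
            "blocks": blocks,
            "size_mb": blocks * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "boot_code_md5": boot_code_md5(sector),
        "partitions": partitions,
    }


def boot_code_matches(sector: bytes, known_good_md5: str) -> bool:
    """True if the boot code hashes to the reference value (case-insensitive hex).

    A partition table that is unchanged while this hash differs is the pattern
    an MBR bootkit leaves: the loader code is replaced, the layout is kept.
    """
    return boot_code_md5(sector) == known_good_md5.lower()


def build_sample_mbr() -> bytes:
    """Constructed sample: zero boot code, made-up disk signature, one entry that
    mirrors the log's Harddisk2 Partition0 (type 0x7, StartLBA 0x800, BlocksNum 0xE8E08000)."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0xDEADBEEF)  # constructed value
    struct.pack_into(ENTRY_FMT, sector, PTABLE_OFFSET,
                     0x00, b"\x00" * 3, 0x07, b"\x00" * 3, 0x800, 0xE8E08000)
    sector[BOOT_SIG_OFFSET:] = b"\x55\xAA"
    return bytes(sector)


if __name__ == "__main__":
    import sys
    # Pass the path of an MBR.dat to inspect a real dump; otherwise the sample is used.
    raw = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(raw)
    print(f"disk signature 0x{info['disk_signature']:08X}  boot-code md5 {info['boot_code_md5']}")
    for p in info["partitions"]:
        flag = "80 (A)" if p["bootable"] else "00"
        print(f"partition {p['index'] + 1} {flag} type 0x{p['type']:02X} "
              f"start LBA {p['start_lba']} ({p['blocks']:#x} sectors, {p['size_mb']} MB)")
```

Run it as `python mbr_check.py MBR.dat` against the file aswMBR wrote to the desktop, record the hash while the machine is known clean, and compare again later: a changed boot-code hash with an identical partition table is worth a closer look, whereas a changed disk signature alone usually just means the disk was re-initialised.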

Chris4You 12.03.2012 16:53

Hi,

looks ok...

chris

infecteduser 12.03.2012 16:55

Well, that makes me more than relieved :-)

A thousand thanks for the competent and quick help [thumbs up]


All times are GMT +1.

Copyright ©2000-2025, Trojaner-Board