Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   System Tool - erfolgreich entfernt? OTH klappt nicht! (https://www.trojaner-board.de/96458-system-tool-erfolgreich-entfernt-oth-klappt.html)

ginguba 11.03.2011 22:07
System Tool - erfolgreich entfernt? OTH klappt nicht!
 
Hallo liebe Forumsleser,

ich habe mir gestern auf meinem Rechner den Trojaner System Tools eingefangen. Dank der super verständlich geschriebenen Anleitung hier im Forum (http://www.trojaner-board.de/92246-s...entfernen.html) habe ich ihn nun glaube ich soweit entfernen können. Vielen Dank an dieser Stelle an den Verfasser! :daumenhoc

Im letzten Abschnitt steht da aber dass das System könnte trotzdem noch nicht vollständig sauber sein könnte und man doch besser einen Post hier schreiben solle, was ich nun hiermit tue.

Folgendes habe ich bisher getan:
1.) im abgesicherten Modus rkill.com mehrmals ausgeführt
2.) Scan mit Malwarebytes, 5 infizierte Stellen gefunden und gelöscht
3.) Windows HOSTS-Datei gelöscht und ersetzt

Bis dahin alles problemlos, der nächste empfohlene Schritt klappte aber nicht:
das OTH.scr lässt sich bei mir mit Doppelklick nur mit dem Windows Notizblock öffnen und beinhaltet einen Text aus für mich wirr aussehenden Zeichen.
Einen Kill all Process Button gibts da nicht. :confused:

Besteht nun die Gefahr dass der Trojaner noch irgendwo vorhanden ist oder hat das gereicht was ich getan habe? Mein Rechner verhält sich immerhin wieder normal...

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6017

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.03.2011 18:01:34
mbam-log-2011-03-11 (18-01-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165791
Laufzeit: 11 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


-----------------------------------------------------------------------OTL Logfile:
Code:
OTL logfile created on: 11.03.2011 18:09:52 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Alemanha | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 5,69 Gb Free Space | 8,17% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 2,09 Gb Free Space | 56,20% Space Free | Partition Type: FAT32
Drive F: | 465,65 Gb Total Space | 206,01 Gb Free Space | 44,24% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programas\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programas\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Programas\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programas\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programas\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programas\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programas\ZTE Wireless Terminal\bin\MonServiceUDisk.exe ()
PRC - C:\Programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programas\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programas\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programas\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programas\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programas\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
PRC - C:\Programas\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UDisk Monitor) -- C:\Programas\ZTE Wireless Terminal\bin\MonServiceUDisk.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsl370bc68e) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79C73BE8-AF94-4498-ABC1-28C8A7B528F4}\MpKsl370bc68e.sys (Microsoft Corporation)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (netw5v32) Controlador de Placa de Ligação WiFi Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (ztemtusbser) -- C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys (ZTEMT Incorporated)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programas\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 6F D3 02 19 A3 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programas\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programas\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14778&locale=pt_US&apn_uid=E89DDBA8-5BDC-4EE8-B478-9EB5AD8B98FB&apn_ptnrs=VX&apn_sauid=FCC000CD-AF37-4DEF-B5EC-E2580C4EA338&apn_dtid=YYYYYYYYAO&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.30 01:14:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.06 22:36:52 | 000,000,000 | ---D | M]
 
[2010.01.16 15:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.11 13:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2qvhfb4z.default\extensions
[2010.12.24 12:46:58 | 000,000,000 | ---D | M] (VDownloader Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2qvhfb4z.default\extensions\toolbar@ask.com
[2011.03.11 17:45:33 | 000,002,394 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\searchplugins\askcom.xml
[2011.03.11 13:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programas\Mozilla Firefox\extensions
[2010.12.03 14:01:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programas\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.06 22:36:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.07 19:24:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.01.05 16:00:40 | 000,000,000 | ---D | M] (Ultimatefox 1.0) -- C:\Programas\Mozilla Firefox\extensions\ultimatefox@gmail.com
[2010.01.05 16:00:40 | 000,000,000 | ---D | M] (Vistafox 2.1) -- C:\Programas\Mozilla Firefox\extensions\vistafox@gmail.com
[2010.12.03 14:01:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011.03.06 22:36:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.07 19:24:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Programas\Mozilla Firefox\plugins\npOGAPlugin.dll
 
Hosts file not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programas\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programas\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programas\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programas\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programas\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.01.14 20:25:16 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.11 17:55:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.11 17:38:14 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr
[2011.03.11 16:19:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ZEUG
[2011.03.11 14:02:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.03.11 13:58:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.11 13:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.11 13:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.11 13:58:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.11 13:58:12 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
[2011.03.11 13:57:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe
[2011.03.10 20:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\pEeDfNd18100
[2011.03.09 12:48:55 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.09 12:48:55 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.03.09 12:48:47 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 12:48:47 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011.03.09 12:48:47 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 12:48:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.08 11:34:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.03.07 19:24:30 | 000,000,000 | ---D | C] -- C:\Programas\Common Files\Java
[2011.03.07 19:24:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.07 19:24:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.07 19:24:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.06 22:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.06 22:36:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.03.06 22:36:27 | 000,000,000 | ---D | C] -- C:\Programas\Java
[2011.03.05 16:59:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.03.05 16:59:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live Writer
[2011.03.02 11:31:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nova pasta (3)
[2011.03.01 12:26:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hochzeit
[2011.02.23 08:03:48 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.23 08:03:47 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.10 21:39:26 | 000,000,000 | ---D | C] -- C:\Windows\TempE3E9925E-A8CC-5BD7-6FDD-6C1DE94A4E2B-Signatures
[2011.02.10 21:38:30 | 000,000,000 | ---D | C] -- C:\Programas\Microsoft Security Client
[2011.02.10 21:37:40 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.02.10 20:54:36 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.10 20:54:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.10 20:54:36 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.10 20:54:36 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.10 20:54:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.10 20:54:35 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.10 20:54:35 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.10 20:54:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.10 20:54:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.10 20:36:42 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.10 20:36:42 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.10 20:10:40 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.10 20:10:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.10 20:10:25 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.10 20:10:18 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.02.10 20:10:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.10 20:10:12 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.10 20:09:29 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.02.10 20:09:27 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.02.10 20:09:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.02.10 20:09:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010.12.24 06:03:44 | 003,056,008 | ---- | C] (Ask) -- C:\Programas\Common Files\AskToolbarInstaller.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.11 17:55:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.11 17:47:35 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 17:47:35 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 17:40:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.11 17:40:28 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.11 17:38:16 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr
[2011.03.11 17:23:56 | 000,000,130 | ---- | M] () -- C:\Users\***\Desktop\hosts-perm.bat
[2011.03.11 13:58:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.11 13:57:18 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe
[2011.03.11 13:46:28 | 001,006,747 | ---- | M] () -- C:\Users\***\Desktop\rkill.com
[2011.03.02 11:34:05 | 000,681,442 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2011.03.02 11:34:05 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.02 11:34:05 | 000,134,752 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2011.03.02 11:34:05 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.22 23:20:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.02.21 07:02:51 | 001,712,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.19 06:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.19 06:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.10 21:41:03 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2011.03.11 16:14:39 | 000,000,130 | ---- | C] () -- C:\Users\***\Desktop\hosts-perm.bat
[2011.03.11 13:58:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.11 13:46:26 | 001,006,747 | ---- | C] () -- C:\Users\***\Desktop\rkill.com
[2011.02.22 23:20:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.02.10 21:41:03 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010.12.26 21:52:41 | 000,001,741 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.12.24 06:03:45 | 000,444,283 | ---- | C] () -- C:\Programas\Common Files\WinPcapNmap.exe
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.01.15 23:57:59 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.01.15 19:31:49 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.01.13 12:09:40 | 000,000,189 | ---- | C] () -- C:\Windows\hpdj1280.ini
[2010.01.07 09:00:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.05 16:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.01.05 16:32:14 | 000,007,648 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.01.05 16:04:16 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.01.05 16:04:14 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010.01.05 16:04:14 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.01.05 16:04:14 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.01.05 16:04:13 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.07.14 09:10:46 | 000,681,442 | ---- | C] () -- C:\Windows\System32\prfh0816.dat
[2009.07.14 09:10:46 | 000,336,656 | ---- | C] () -- C:\Windows\System32\prfi0816.dat
[2009.07.14 09:10:46 | 000,134,752 | ---- | C] () -- C:\Windows\System32\prfc0816.dat
[2009.07.14 09:10:46 | 000,040,548 | ---- | C] () -- C:\Windows\System32\prfd0816.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 001,712,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,618,108 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.08 10:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.04.30 16:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008.12.01 20:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.12.01 20:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.30 14:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
< End of report >
--- --- ---



------------------------------------------------------------------------
OTL Logfile:
Code:
OTL Extras logfile created on: 11.03.2011 18:09:52 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Alemanha | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 5,69 Gb Free Space | 8,17% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 2,09 Gb Free Space | 56,20% Space Free | Partition Type: FAT32
Drive F: | 465,65 Gb Total Space | 206,01 Gb Free Space | 44,24% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client PT-BR Language Pack
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EF54987-EE4A-4096-90CB-8B21214B50E8}" = Microsoft Antimalware Service PT-BR Language Pack
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.733
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFAAE758-85CE-4A3D-93D8-70563CBE3663}" = OpenOffice.org 3.2
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D40C0608-033D-43A7-B4D7-B0EE493F938C}" = Microsoft Antimalware Service PT-BR Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A160F1-127B-43AC-AF96-EBB6319B01C7}" = Google SketchUp Pro 8
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F855451C-21E2-3034-B042-E1E66923548A}" = Microsoft .NET Framework 4 Client Profile PTG Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0
"lvdrivers_12.0" = Pacote de drivers Logitech Webcam Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTG Language Pack" = Microsoft .NET Framework 4 Client Profile PTG Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Power Management Driver" = ThinkPad Power Management Driver
"printeria UnikatprintDigitalPrintLab3" = DigitalPrintLab3
"printeriaDigitalPrintLab3" = DigitalPrintLab3
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"ZTEWireless-101_is1" = ZTE Wireless Terminal
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2011 11:03:09 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Não
foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 11.03.2011 11:06:11 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Não
foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 11.03.2011 11:06:13 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Não
foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 11.03.2011 11:10:53 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Não
foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 11.03.2011 11:10:53 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Não
foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 11.03.2011 11:21:54 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Não
foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 11.03.2011 11:21:54 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Não
foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 11.03.2011 12:38:24 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Não
foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 11.03.2011 12:53:10 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Não
foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 11.03.2011 12:53:10 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Não
foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.
 
[ Media Center Events ]
Error - 21.12.2010 07:29:49 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 12:29:48 - Erro ao ligar à Internet. 12:29:48 - Não é possível
contactar o servidor..
 
Error - 21.12.2010 07:29:58 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 12:29:54 - Erro ao ligar à Internet. 12:29:54 - Não é possível
contactar o servidor..
 
Error - 22.12.2010 22:47:08 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 03:47:03 - Erro ao ligar à Internet. 03:47:03 - Não é possível
contactar o servidor..
 
Error - 22.12.2010 23:47:15 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 04:47:13 - Erro ao ligar à Internet. 04:47:13 - Não é possível
contactar o servidor..
 
Error - 23.12.2010 00:47:20 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 05:47:19 - Erro ao ligar à Internet. 05:47:19 - Não é possível
contactar o servidor..
 
Error - 23.12.2010 01:47:26 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 06:47:25 - Erro ao ligar à Internet. 06:47:25 - Não é possível
contactar o servidor..
 
Error - 23.12.2010 19:28:17 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 00:28:17 - Erro ao ligar à Internet. 00:28:17 - Não é possível
contactar o servidor..
 
Error - 23.12.2010 19:28:28 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 00:28:23 - Erro ao ligar à Internet. 00:28:23 - Não é possível
contactar o servidor..
 
Error - 25.12.2010 15:53:37 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 20:53:37 - Erro ao ligar à Internet. 20:53:37 - Não é possível
contactar o servidor..
 
Error - 25.12.2010 15:53:54 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 20:53:43 - Erro ao ligar à Internet. 20:53:43 - Não é possível
contactar o servidor..
 
[ System Events ]
Error - 11.03.2011 11:10:56 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11.03.2011 11:13:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = O serviço Fornecedor do Grupo Doméstico depende do serviço Anfitrião
do Fornecedor de Detecção de Funções o qual falhou o arranque devido ao seguinte
erro: %%1068
 
Error - 11.03.2011 11:13:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = O serviço Browser de computador depende do serviço Servidor o qual
falhou o arranque devido ao seguinte erro: %%1068
 
Error - 11.03.2011 11:13:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = O serviço Browser de computador depende do serviço Servidor o qual
falhou o arranque devido ao seguinte erro: %%1068
 
Error - 11.03.2011 11:26:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = O serviço Fornecedor do Grupo Doméstico depende do serviço Anfitrião
do Fornecedor de Detecção de Funções o qual falhou o arranque devido ao seguinte
erro: %%1068
 
Error - 11.03.2011 12:27:08 | Computer Name = ***-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o ficheiro hosts local.
 
Error - 11.03.2011 12:41:29 | Computer Name = ***-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o ficheiro hosts local.
 
Error - 11.03.2011 12:42:03 | Computer Name = ***-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o ficheiro hosts local.
 
Error - 11.03.2011 12:42:04 | Computer Name = ***-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o ficheiro hosts local.
 
Error - 11.03.2011 12:42:15 | Computer Name = ***-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o ficheiro hosts local.
 
 
< End of report >
--- --- ---

:crazy:

Wäre dankbar für eure Einschätzung! :heilig:
Ginguba

cosinus 12.03.2011 12:40
Zitat:
2.) Scan mit Malwarebytes, 5 infizierte Stellen gefunden und gelöscht
Bitte alle Logs dazu posten!

ginguba 13.03.2011 12:21
Ich seh grad es waren 4 infizierte Dateien. Hab dann gesagt alle entfernen, im Malwarebytes sind sie jetzt unter Quarantäne zu finden. Hier der erste log:

--------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6017

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11.03.2011 16:01:19
mbam-log-2011-03-11 (16-01-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 396363
Laufzeit: 1 Stunde(n), 4 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pEeDfNd18100 (Trojan.FakeAlert) -> Value: pEeDfNd18100 -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\peedfnd18100\peedfnd18100.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\AdbUpd.lnk (Malware.Trace) -> No action taken.
c:\Users\***\AppData\Roaming\Adobe\adobeutil .exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\***\AppData\Roaming\Adobe\adobeutil.exe (Trojan.Agent.Gen) -> No action taken.

ginguba 13.03.2011 12:53
Ich seh grad es waren 4 infizierte Dateien. Hab dann gesagt alle entfernen, im Malwarebytes sind sie jetzt unter Quarantäne zu finden. Hier der erste log:

--------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6017

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11.03.2011 16:01:19
mbam-log-2011-03-11 (16-01-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 396363
Laufzeit: 1 Stunde(n), 4 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pEeDfNd18100 (Trojan.FakeAlert) -> Value: pEeDfNd18100 -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\peedfnd18100\peedfnd18100.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\AdbUpd.lnk (Malware.Trace) -> No action taken.
c:\Users\***\AppData\Roaming\Adobe\adobeutil .exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\***\AppData\Roaming\Adobe\adobeutil.exe (Trojan.Agent.Gen) -> No action taken.

cosinus 13.03.2011 14:25
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.01.14 20:25:16 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

ginguba 14.03.2011 01:07
Ok, hab ich gemacht soweit, hier das Ergebnis:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File F:\AUTORUN.INF not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
C:\Programas\Adobe\Acrobat 8.0\Acrobat\acrotray.exe moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 3447569921 bytes
->Temporary Internet Files folder emptied: 96829581 bytes
->Java cache emptied: 842025 bytes
->FireFox cache emptied: 91795780 bytes
->Flash cache emptied: 2609012 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142948217 bytes
RecycleBin emptied: 230135993 bytes

Total Files Cleaned = 3.827,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03142011_005908

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 14.03.2011 10:45
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

ginguba 30.03.2011 16:51
Hallo,

ich war eine Weile ausser Gefecht, daher konnte ich mich erst jetzt wieder um meinen Rechner kuemmern...

Danke, Arne, hab getan wie mir aufgetragen wurde. Hier ist das Ergebnis von ComboFix:



Combofix Logfile:
Code:
ComboFix 11-03-29.05 - *** 30.03.2011  15:39:49.1.2 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.351.2070.18.3070.1899 [GMT 1:00]
Executando de: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((  Outras Exclusões  )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\Adobe\adb.cer
c:\users\***\AppData\Roaming\Adobe\plugs
c:\users\***\AppData\Roaming\Adobe\shed
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((  Arquivos/Ficheiros criados de 2011-02-28 to 2011-03-30  ))))))))))))))))))))))))))))
.
.
2011-03-30 14:45 . 2011-03-30 14:49        --------        d-----w-        c:\users\***\AppData\Local\temp
2011-03-30 14:45 . 2011-03-30 14:45        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-03-30 13:16 . 2011-03-30 13:16        28752        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECDB4753-5BB2-46E8-99CB-C222CA501EBB}\MpKsl21da1b12.sys
2011-03-30 13:16 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECDB4753-5BB2-46E8-99CB-C222CA501EBB}\mpengine.dll
2011-03-30 12:39 . 2011-03-30 12:39        --------        d-----w-        c:\program files\CCleaner
2011-03-30 11:41 . 2011-03-30 11:41        --------        d-----w-        c:\programdata\Hewlett-Packard
2011-03-30 11:40 . 2009-07-14 01:15        280064        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2011-03-25 12:54 . 2010-11-30 09:43        439632        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-25 12:53 . 2010-11-30 09:43        439632        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A06CF22-E7D7-4C8A-8C60-9E6AD3B1D739}\gapaengine.dll
2011-03-13 23:59 . 2011-03-13 23:59        --------        d-----w-        C:\_OTL
2011-03-11 13:02 . 2011-03-11 13:02        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2011-03-11 12:58 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-11 12:58 . 2011-03-11 12:58        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-11 12:58 . 2011-03-11 12:58        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-11 12:58 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-10 19:45 . 2011-03-11 15:01        --------        d-----w-        c:\programdata\pEeDfNd18100
2011-03-09 11:48 . 2011-02-19 05:33        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-09 11:48 . 2011-02-19 05:32        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-09 11:48 . 2011-02-19 05:32        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-03-09 11:48 . 2010-12-23 05:28        850432        ----a-w-        c:\windows\system32\sbe.dll
2011-03-09 11:48 . 2010-12-23 05:28        642048        ----a-w-        c:\windows\system32\CPFilters.dll
2011-03-09 11:48 . 2010-12-23 05:28        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-09 11:48 . 2010-12-23 05:24        199680        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-09 11:48 . 2010-12-18 05:30        2690560        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-09 11:48 . 2010-12-18 05:26        1034240        ----a-w-        c:\windows\system32\mstsc.exe
2011-03-07 18:24 . 2011-03-07 18:24        --------        d-----w-        c:\program files\Common Files\Java
2011-03-06 21:36 . 2011-02-02 20:40        472808        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-06 21:36 . 2011-02-02 20:40        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-03-06 21:36 . 2011-03-07 18:24        --------        d-----w-        c:\program files\Java
2011-03-05 15:59 . 2011-03-05 15:59        --------        d-----w-        c:\users\***\AppData\Local\Windows Live Writer
2011-03-05 15:59 . 2011-03-05 15:59        --------        d-----w-        c:\users\***\AppData\Roaming\Windows Live Writer
.
.
(((((((((((((((((((((((((((((((((((((  Relatório Find3M  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2010-01-11 11:54        6792528        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-10 09:26 . 2010-06-24 10:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-03 05:45 . 2011-02-10 19:10        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-01-07 07:31 . 2011-02-23 07:03        442880        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 07:03        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-10 19:10        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-10 19:10        294400        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-06 18:37 . 2011-01-06 18:37        44416        ----a-w-        c:\windows\system32\drivers\dc3d.sys
2011-01-06 18:37 . 2011-01-06 18:37        1461992        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2011-01-05 05:37 . 2011-02-10 19:10        428032        ----a-w-        c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-10 19:10        2329088        ----a-w-        c:\windows\system32\win32k.sys
2010-10-16 10:50 . 2010-12-24 05:03        3056008        ----a-w-        c:\program files\Common Files\AskToolbarInstaller.exe
2010-01-26 09:11 . 2010-12-24 05:03        444283        ----a-w-        c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((  Pontos de Carregamento do Registro  )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44        1400712        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-12-31 10:53        2349080        ----a-w-        c:\program files\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2009-05-31 104704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 MpKsl21da1b12;MpKsl21da1b12;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECDB4753-5BB2-46E8-99CB-C222CA501EBB}\MpKsl21da1b12.sys [2011-03-30 28752]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 UDisk Monitor;UDisk Monitor;c:\program files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe [2009-06-11 262144]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 44416]
S3 netw5v32;Controlador de Placa de Ligação WiFi Intel(R) Sem Fios 5000 Series para Windows Vista de 32 Bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.ask.com?o=14780&l=dis
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14778&locale=pt_US&apn_uid=E89DDBA8-5BDC-4EE8-B478-9EB5AD8B98FB&apn_ptnrs=VX&apn_sauid=FCC000CD-AF37-4DEF-B5EC-E2580C4EA338&apn_dtid=YYYYYYYYAO&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: VDownloader Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
.
------- Associação de arquivos/ficheiros -------
.
.scr=AutoCADScriptFile
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-3823376189-4068465128-1039079962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3823376189-4068465128-1039079962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'Explorer.exe'(6080)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-03-30  15:53:04 - Máquina reiniciou
ComboFix-quarantined-files.txt  2011-03-30 14:53
.
Pré-execução: 11.425.910.784 bytes livres
Pós execução: 11.332.386.816 bytes livres
.
- - End Of File - - A2E3EB85FA67C3F29C19534B370CE1D1
--- --- ---



:rolleyes:

cosinus 30.03.2011 19:05
Kein Problem, eigene Gesundheit geht vor der "Gesundheit" des PC! ;)

Zitat:
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
Hm, AntiVir und MSE geht nicht, eins von beiden bitte deinstallieren. Ich würde bei MSW bleiben und AntiVir deinstallieren, aber wenn dir AntiVir besser gefällt mach es andersrum, prinzipiell ist es fast egal welchen Scanner man nimmt.

Nach der Deinstallation im dem obligatorischen Neustart des Rechners bitte dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

ginguba 31.03.2011 09:40
Hallo,
hab AntiVir deinstalliert, hier ist das log vom TDSS Killer:

2011/03/31 09:30:57.0804 0172 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/31 09:30:58.0917 0172 ================================================================================
2011/03/31 09:30:58.0917 0172 SystemInfo:
2011/03/31 09:30:58.0917 0172
2011/03/31 09:30:58.0917 0172 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/31 09:30:58.0917 0172 Product type: Workstation
2011/03/31 09:30:58.0917 0172 ComputerName: ***-PC
2011/03/31 09:30:58.0918 0172 UserName: ***
2011/03/31 09:30:58.0918 0172 Windows directory: C:\Windows
2011/03/31 09:30:58.0918 0172 System windows directory: C:\Windows
2011/03/31 09:30:58.0918 0172 Processor architecture: Intel x86
2011/03/31 09:30:58.0918 0172 Number of processors: 2
2011/03/31 09:30:58.0918 0172 Page size: 0x1000
2011/03/31 09:30:58.0918 0172 Boot type: Normal boot
2011/03/31 09:30:58.0918 0172 ================================================================================
2011/03/31 09:30:59.0894 0172 Initialize success
2011/03/31 09:31:11.0088 4012 ================================================================================
2011/03/31 09:31:11.0088 4012 Scan started
2011/03/31 09:31:11.0088 4012 Mode: Manual;
2011/03/31 09:31:11.0088 4012 ================================================================================
2011/03/31 09:31:34.0438 4012 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/31 09:31:34.0529 4012 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/31 09:31:34.0628 4012 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/31 09:31:34.0706 4012 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/31 09:31:34.0941 4012 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/31 09:31:35.0030 4012 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/31 09:31:35.0142 4012 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/03/31 09:31:35.0208 4012 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/31 09:31:35.0378 4012 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/03/31 09:31:35.0494 4012 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/31 09:31:35.0564 4012 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/03/31 09:31:35.0636 4012 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/31 09:31:35.0713 4012 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/31 09:31:35.0837 4012 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/31 09:31:35.0918 4012 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/31 09:31:36.0008 4012 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/31 09:31:36.0070 4012 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/31 09:31:36.0147 4012 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/03/31 09:31:36.0331 4012 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/03/31 09:31:36.0407 4012 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/31 09:31:36.0478 4012 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/31 09:31:36.0528 4012 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/31 09:31:36.0822 4012 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/31 09:31:37.0234 4012 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/03/31 09:31:37.0435 4012 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/31 09:31:37.0517 4012 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/03/31 09:31:37.0593 4012 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/31 09:31:37.0757 4012 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/31 09:31:37.0860 4012 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/31 09:31:37.0928 4012 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/31 09:31:38.0071 4012 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/03/31 09:31:38.0474 4012 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/31 09:31:38.0727 4012 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/31 09:31:39.0088 4012 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/31 09:31:39.0386 4012 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/03/31 09:31:39.0620 4012 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/31 09:31:39.0940 4012 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/03/31 09:31:40.0266 4012 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/03/31 09:31:40.0601 4012 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/03/31 09:31:41.0414 4012 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/31 09:31:41.0651 4012 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/31 09:31:42.0064 4012 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/31 09:31:42.0356 4012 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/03/31 09:31:42.0704 4012 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/31 09:31:42.0774 4012 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/31 09:31:42.0948 4012 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/03/31 09:31:43.0131 4012 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/31 09:31:43.0187 4012 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/31 09:31:43.0479 4012 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/31 09:31:43.0963 4012 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/03/31 09:31:44.0403 4012 dc3d (484ffbcec4091ff617494b6b0cb04eb3) C:\Windows\system32\DRIVERS\dc3d.sys
2011/03/31 09:31:44.0584 4012 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/03/31 09:31:44.0696 4012 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/03/31 09:31:45.0012 4012 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/03/31 09:31:45.0182 4012 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/03/31 09:31:45.0470 4012 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/31 09:31:45.0637 4012 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/03/31 09:31:46.0329 4012 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/03/31 09:31:46.0915 4012 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/31 09:31:47.0134 4012 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/31 09:31:47.0526 4012 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/03/31 09:31:47.0657 4012 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/03/31 09:31:48.0006 4012 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/31 09:31:48.0136 4012 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/03/31 09:31:48.0338 4012 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/03/31 09:31:48.0647 4012 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/31 09:31:48.0922 4012 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/03/31 09:31:49.0199 4012 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/03/31 09:31:49.0460 4012 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/03/31 09:31:49.0736 4012 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/31 09:31:49.0931 4012 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/31 09:31:50.0134 4012 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/31 09:31:50.0298 4012 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/31 09:31:50.0388 4012 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/03/31 09:31:50.0460 4012 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/31 09:31:50.0525 4012 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/31 09:31:50.0593 4012 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/31 09:31:50.0702 4012 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/31 09:31:50.0900 4012 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/31 09:31:51.0188 4012 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/31 09:31:51.0822 4012 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/03/31 09:31:52.0152 4012 hwdatacard (bd01cb77fbeff75089915e361457f7cb) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/03/31 09:31:52.0248 4012 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/31 09:31:52.0330 4012 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/31 09:31:52.0590 4012 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/31 09:31:52.0802 4012 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/03/31 09:31:53.0685 4012 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/31 09:31:53.0839 4012 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/31 09:31:53.0899 4012 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/31 09:31:54.0140 4012 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/31 09:31:54.0320 4012 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/31 09:31:54.0650 4012 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/03/31 09:31:54.0922 4012 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
2011/03/31 09:31:55.0182 4012 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/03/31 09:31:55.0451 4012 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/31 09:31:55.0574 4012 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/31 09:31:55.0783 4012 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/31 09:31:55.0891 4012 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/31 09:31:56.0017 4012 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/31 09:31:56.0213 4012 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/31 09:31:56.0405 4012 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/31 09:31:56.0511 4012 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/31 09:31:56.0598 4012 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/31 09:31:56.0695 4012 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/31 09:31:56.0802 4012 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/31 09:31:56.0950 4012 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/03/31 09:31:57.0098 4012 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\Windows\system32\DRIVERS\lvpopflt.sys
2011/03/31 09:31:57.0249 4012 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/03/31 09:31:57.0384 4012 LVRS (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys
2011/03/31 09:31:58.0317 4012 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/03/31 09:31:58.0774 4012 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/31 09:31:58.0885 4012 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/31 09:31:58.0989 4012 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/03/31 09:31:59.0088 4012 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/31 09:31:59.0206 4012 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/31 09:31:59.0345 4012 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/31 09:31:59.0486 4012 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/03/31 09:31:59.0628 4012 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/03/31 09:31:59.0699 4012 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/31 09:31:59.0887 4012 MpKsl171ef24f (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B890733-D2E5-4428-8A1A-E2404005B8BC}\MpKsl171ef24f.sys
2011/03/31 09:32:00.0057 4012 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/03/31 09:32:00.0149 4012 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/31 09:32:00.0231 4012 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/03/31 09:32:00.0359 4012 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/31 09:32:00.0430 4012 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/31 09:32:00.0542 4012 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/31 09:32:00.0610 4012 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/31 09:32:00.0668 4012 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/31 09:32:00.0768 4012 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/03/31 09:32:00.0832 4012 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/31 09:32:00.0951 4012 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/31 09:32:01.0069 4012 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/31 09:32:01.0194 4012 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/31 09:32:01.0262 4012 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/03/31 09:32:01.0379 4012 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/03/31 09:32:01.0471 4012 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/31 09:32:01.0554 4012 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/03/31 09:32:01.0629 4012 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/31 09:32:01.0704 4012 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/03/31 09:32:01.0839 4012 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/31 09:32:01.0962 4012 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/03/31 09:32:02.0159 4012 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/31 09:32:02.0277 4012 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/31 09:32:02.0363 4012 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/31 09:32:02.0424 4012 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/31 09:32:02.0477 4012 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/03/31 09:32:02.0573 4012 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/31 09:32:02.0686 4012 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/31 09:32:03.0465 4012 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/03/31 09:32:03.0945 4012 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/31 09:32:04.0101 4012 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/03/31 09:32:04.0548 4012 npf (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
2011/03/31 09:32:04.0677 4012 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/03/31 09:32:04.0845 4012 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/03/31 09:32:05.0190 4012 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/31 09:32:05.0410 4012 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/03/31 09:32:05.0736 4012 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/03/31 09:32:05.0842 4012 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/31 09:32:05.0951 4012 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/31 09:32:06.0051 4012 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/31 09:32:06.0276 4012 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/31 09:32:06.0432 4012 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/03/31 09:32:06.0580 4012 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/03/31 09:32:06.0823 4012 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/03/31 09:32:06.0968 4012 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/03/31 09:32:07.0133 4012 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/31 09:32:07.0363 4012 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/31 09:32:07.0471 4012 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/03/31 09:32:07.0631 4012 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/03/31 09:32:08.0075 4012 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/31 09:32:08.0261 4012 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/03/31 09:32:08.0560 4012 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/31 09:32:08.0862 4012 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/31 09:32:09.0196 4012 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/31 09:32:09.0386 4012 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/31 09:32:09.0513 4012 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/31 09:32:09.0668 4012 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/31 09:32:09.0743 4012 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/31 09:32:09.0835 4012 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/31 09:32:09.0907 4012 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/31 09:32:09.0980 4012 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/31 09:32:10.0034 4012 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/31 09:32:10.0116 4012 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/31 09:32:10.0194 4012 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/03/31 09:32:10.0285 4012 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/31 09:32:10.0363 4012 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/31 09:32:10.0451 4012 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/03/31 09:32:10.0540 4012 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/03/31 09:32:10.0663 4012 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/03/31 09:32:10.0771 4012 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/31 09:32:11.0024 4012 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/03/31 09:32:11.0119 4012 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/31 09:32:11.0189 4012 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/31 09:32:11.0304 4012 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/31 09:32:11.0414 4012 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/31 09:32:11.0493 4012 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/03/31 09:32:11.0579 4012 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/31 09:32:11.0681 4012 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/31 09:32:11.0749 4012 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/31 09:32:11.0810 4012 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/31 09:32:11.0886 4012 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/31 09:32:11.0998 4012 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/03/31 09:32:12.0108 4012 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/31 09:32:12.0180 4012 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/31 09:32:12.0267 4012 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/03/31 09:32:12.0401 4012 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/03/31 09:32:12.0552 4012 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/31 09:32:12.0662 4012 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/31 09:32:12.0765 4012 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/03/31 09:32:12.0900 4012 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/03/31 09:32:13.0065 4012 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/03/31 09:32:13.0304 4012 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/31 09:32:13.0426 4012 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/31 09:32:13.0514 4012 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/03/31 09:32:13.0576 4012 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/03/31 09:32:13.0668 4012 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/31 09:32:13.0872 4012 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/03/31 09:32:14.0125 4012 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/31 09:32:14.0221 4012 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/31 09:32:14.0336 4012 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/03/31 09:32:14.0410 4012 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/03/31 09:32:14.0478 4012 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/31 09:32:14.0534 4012 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/31 09:32:14.0659 4012 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/31 09:32:14.0776 4012 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/31 09:32:14.0845 4012 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/31 09:32:14.0923 4012 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/31 09:32:15.0052 4012 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/31 09:32:15.0158 4012 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/31 09:32:15.0280 4012 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/31 09:32:15.0413 4012 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/03/31 09:32:15.0500 4012 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/31 09:32:15.0603 4012 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/31 09:32:15.0690 4012 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/31 09:32:15.0828 4012 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/31 09:32:15.0899 4012 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/31 09:32:16.0023 4012 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/31 09:32:16.0091 4012 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/31 09:32:16.0194 4012 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/31 09:32:16.0310 4012 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/31 09:32:16.0393 4012 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/31 09:32:16.0465 4012 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/03/31 09:32:16.0544 4012 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/31 09:32:16.0635 4012 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/03/31 09:32:16.0726 4012 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/03/31 09:32:16.0821 4012 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/31 09:32:16.0912 4012 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/03/31 09:32:17.0026 4012 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/03/31 09:32:17.0092 4012 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/31 09:32:17.0147 4012 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/03/31 09:32:17.0241 4012 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/31 09:32:17.0369 4012 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/31 09:32:17.0439 4012 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/03/31 09:32:17.0533 4012 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/31 09:32:17.0633 4012 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/31 09:32:17.0657 4012 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/31 09:32:17.0755 4012 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/03/31 09:32:17.0882 4012 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/31 09:32:18.0011 4012 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/31 09:32:18.0077 4012 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/03/31 09:32:18.0394 4012 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/03/31 09:32:18.0753 4012 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/31 09:32:19.0019 4012 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/31 09:32:19.0196 4012 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/03/31 09:32:19.0282 4012 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/31 09:32:19.0451 4012 ztemtusbser (20f4f87625edddb97b48da66ace7dc8d) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
2011/03/31 09:32:19.0598 4012 ================================================================================
2011/03/31 09:32:19.0598 4012 Scan finished
2011/03/31 09:32:19.0599 4012 ================================================================================

cosinus 31.03.2011 13:32
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

ginguba 07.04.2011 09:52
Hallo,

mit dem OSAM.rar hatte ich einige Probleme, es kam beim runterladen scheinbar immer unvollstaendig an un liess sich dann nicht starten. Heute hat´s aber komischerweise geklappt :-)

Hier also die log Inhalte von allen 3:

------------------------------------------------------------------------------------
GMER Logfile:
Code:
GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-01 10:08:04
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHV2080BH rev.00840028
Running: 5kplmhnf.exe; Driver: C:\Users\janis\AppData\Local\Temp\kgloypod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                  82E89589 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82EAE092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                        section is writeable [0x90C19000, 0x23097E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000076                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                        fltmgr.sys (Gestor de Filtros de Sistema de Ficheiros da Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016ceeb7a91                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                ???}??????????????????????????????????????,??}???????????????????????????????????????}?}?}?}?}?}?}?}?}?}????? ???????}???????????i?:??????,?L??? ???????????????????????? ???????}????????????m??&???????????????????}??? R??}??????????t????}??? ???????o?????}?????}????????$?????????M?????N??}?????????e????@%Systemroot%\system32\wsmsvc.dll,-101????????h??}????????h?????%SystemRoot%\System32\svchost.exe -k NetworkService??????}?}?}????N??}?????????n????@%Systemroot%\system32\wsmsvc.dll,-102??????? 8??}??????????????NT AUTHORITY\NetworkService????????}?????}??????????????????????????????????t???ServiceMain????????? ????????????????}???????????e??RPCSS?HTTP????????,??}???????????????????????????????????????}??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege???????? B??}???????????????}???????????????????????????????????????????????}?}?}?}?}?}?}?}?}?}?}?}????? ???????}???????????}????????,?B??? ???????????%SystemRoot%\system32\WsmSv
Reg            HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                ????????????????Net??????????j??????????oem16.inf????????????????h???????????????e????N???????????D??????{?{?{?{?{?{?{?{?{?{?s???????????????1?????????????????e5???????{4d36e972-e325-11ce-bfc1-08002be10318}???????????????B????????????????????X?????????????? ??????????????????{4e04cd35-fb92-11de-a6db-0018de2a1a6b}??????????????? ???????s?????????????;??L??????????????}??? ???????????????????n?;????????D???&???????????????????????? D??????1??????e-??Teredo Tunneling Pseudo-Interface????????????C??????06???????t???n??ss??system32\DRIVERS\lvrs.sys?????D????????????e????Logitech RightSound Filter Driver?????????X?????????????? ??????? ?????OS ????????????????????????4???????????h?????????????????????????????????t?????????????????????????6???????????h?????system32\DRIVERS\lvuvc.sys????????2????????????e????Logitech Webcam 200(UVC)????? N??????|???????|??????os??Logitech????????or???e??tunnel?n?????j?k?y?y???????????????????????????s??????????????Z???????????????????????X??????|???t??? ???????5??????}?????N??????|?
Reg            HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                              ???p?|????<??p?????????n??????????????????????????????????????????\??q??????????????????????????????????????????????????_r??????_r???????n????P??p?????????e????%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe?????????????????????????????p??????p?????4???????????h??????????????????????????????????????????????????e??????????????????? ???????p?????????????,???????????? ???????????? ???????o?????p?????p????????$???B????????c????@%SystemRoot%\System32\certprop.dll,-11???????Z??p????????h?????%SystemRoot%\system32\svchost.exe -k netsvcs??????P??p?????????n????@%SystemRoot%\System32\certprop.dll,-12?????? ???p??????????????LocalSystem?????RpcSs???????????????????????????????????????t???????????????t??????? ????????????????p???????????e????,??p???????????????????????????????????????p???????????????????p?p?p?p?p?p?p?p?p?p?p??????????????????????????? ???????p???????????p????????,?F??? ???????????? F??p???????????????????p???????????p??????????????SeCreateGlobalPrivilege?SeTcbPrivilege?SeChangeNotifyPrivil
Reg            HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                            ???}????????ba???z??11???????????????z??????????????????????{C4BA0EB2-85C7-4CD7-B250-833E3A113FF3}??-8??????6B???????????????????????????????z??.NT?????.NTx86??????usb.inf?????????????????????????? ???e???v??????????????????input.inf???11??????6-21-2006??????????????????????s????????????????????.NT??????????????????????????h??6-21-2006????????????z???????????z???????z???_???h??????????????????SS??????_{???????????????????????????????????????e??????????USB?????? :??|???5???????2??????????tf???????z??USB\VID_19D2&PID_FFF1&MI_00\6&36d16a50&0&0000????z???????A??????????????????.NT??????z???????z??6.1.7600.16385??????? ???d???e?????;Ge???z??*6to4mp??????? ??z???????????????????z??Microsoft???hdaudio\func_01?????AT&F<cr>?B??Microsoft???6-21-2006???Microsoft????????z????????????????*??????@?????@?@???????????????????????z????\??z??????????????????????Microsoft????????A???????z??????????????????????.NT?????v_mscdsc.inf?6???????????a???h???????????????????????????????????_???9??? ??Microsoft????????z??? P?????? ?????
Reg            HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                          ?????8??????????????????????????192.168.1.254???????????C4???????????v??????PROCEXP113???????d??????????????s???MpKsl124e2d67???????0A???????????|??????????????????????????ROOT\*6TO4MP\0024??????????????? ????????????6??58??Composite.Dev?????z?????????$???????????????????????????????l???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E58B9B43-933F-484E-8B3E-71EC80717420}] SEQPACKET 22????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????-??"?????l?????????????????????????r??????????????r???h???????????u??????????? l??????{??????????? ??????? ????????????X?????????????6-21-2006????????????4??26??0.0.0.0?2.41???|?????????????????????????????????????&??oem18.inf???? ?????????????????????-??"?????l???????71??? ?????????
Reg            HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                          ???v?????|????????????????2??v????????h??????????~??????????????????????????????_tcp????????????????t???C:\ProgramData\Microsoft\MF??????????????|???????u???????z???????????????????????????????????????d??? ???????n????????????????????6????????????8?????????????????????????n??? ???????n?????n???????-????????????????????????????? l????????????/????Modem????????n???D?????????gnt??????s???????????????r????n???????????????&???n????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23505???????@FirewallAPI.dll,-23506???????????????????????????????????:??????????????????????????????&???o???????????????????????????????????&???o???????????????????????????&???o???????????????????????????&???o????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23501???????@FirewallAPI.dll,-23502???????mpssvc??????????????????????????????????????????????????????????????????@Firewall
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016ceeb7a91 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                    ???s?q???????s????????????4??s????????h??????????????????????????????s???????????????????s??328000???????????s?????????e????????????????????umb\umbus????????t??????0.0.0.0????????????????????????????????s????45000???Protocolo IrDA???????????3???????????????????+??????????? ???????s?????s?????s????????????????????s??????????s???????????e??? ???????s???????????s???????????????????????????s???????????s??????????????s????s?s???????s????? ???????o?????s?????s??????????h?q???????e???????h??s?????????e????@%SystemRoot%\system32\drivers\filetrace.sys,-10001???????4??s??????p???FSFilter Activity Monitor??????s??????>??s????????h?????system32\drivers\filetrace.sys????????h??s?????????n????@%SystemRoot%\system32\drivers\filetrace.sys,-10000?????FltMgr??????????????????????????????????????t????????s?????????????????????g?????????????????????s?s?s?s?s?s?s?s?s???????s???????????e??? ???????s?????s?????s?,??0?????2?????????s???????2??s???????????e??FileTrace - Top Instance????? ???????s???????????s?,???????????????????????
Reg            HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                    ???s?s???????e????????????????????????????????????????????T??s??????????????????SeChangeNotifyPrivilege?SeAuditPrivilege??????,??????????????????????????|???s?s?s?s?s?s?s????R??s?????????e???????? ???????????? F??s??????????????@%systemroot%\system32\FntCache.dll,-100?????????s????????h?????%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation?????? ???????s???????????s????????,?F??? ????????????????@???????????????????????@??????????????????????????????????????????????????????????????????%SystemRoot%\system32\FntCache.dll???????????????????????????????s???s??? ???????s???????????s???????????????????????????s??????????????????0????????????????????????????????????? ?????????????????????????????????????????????????????????? ???????o?????s?????s????????????v???????????????d??s?????????e????@%SystemRoot%\system32\PresentationHost.exe,-3309????????????????????????????s????????h?????%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe?????????????????t??????s?????s?????????????????
Reg            HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                  ???ss???????????????Keyboard Class??????System Bus Extender?????????????????????????*6to4mp??|???????d???????????B???????????s?????????????????????????s???????????????g ?????8??s????????h?????????????????t???@%systemroot%\system32\drivers\hwpolicy.sys,-101?????????????????????????????5???????????k?k???k?????????s??? ???????o?????s?????s??????????x?|???????????????????????????????????????????????T??s????????h?????\SystemRoot\system32\DRIVERS\gagp30kx.sys?????x??s?????????e????Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms??????????s??????p???PnP Filter???????s?s?s?s?s?s?s????J??s???????????d??agp.inf_x86_neutral_a61b8b06718e8352????? ???????s???????????s?????????????? ????????????????s??????????? ???????o?????s?????s?0??????$???}?????c???????? ???????????????????? ??s?????????e????@gpapi.dll,-112??????????s???????s??????p???ProfSvc_Group?????Z??s????????h?????%systemroot%\system32\svchost.exe -k netsvcs?????????????&???? ??s?????????n????@gpapi.dll,-113??????s???s??????????????? ???s?????????????
Reg            HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                ???k?t???k??? ???????k?????k?????k?-???????????? ???????R???????????????????????? ???????k???????????l?-????????P??????????????k?&??? ???????k?????k?????k?-??????????g??????????0??Volume?:\W???l?l?l??? ???????k???????????l?-????????P???????????USBSTOR??????????????????????l?l?l?????k?&??USBSTOR?NN??Microsoft???Volume???????i?k?k?k?????????l??????????Ndi-Mp-Bh????????????,???????????????????????????????????????t???????????????2?????????????????s???????????????????????|?o??.NT??????k?l?????l??? ???????k?????k?????k?-??????????h??????????0????N?xl????????D?????? ???????k???????????|?-????????P????????????????k??????s????????????e?????s? ?????k?&??rdbss???????LegacyDriver????????????????????? ???????k?????k?????k?-??????????y? ????????????????????????????????? l?&???l??????????????? ???????k???????????k?-????????N???????????{8ECC055D-047F-11D1-A537-0000F8753ED1}???????????l??????????????????????????.NTx86??????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? V??????????????????????????:??????08?????????????????????
Reg            HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                              ???o?q????<??q????????h??????????s???????|??????????????????MS_RFCOMM????o?o?o???o??????????????t???????5???????????????????????t???????t????q???????q????????????????????????6??t??????????????MS_BTHBRB???? ???????o???????????o????????,?F??? ???????????%SystemRoot%\System32\appidsvc.dll???????????????????????o????????????????????????????????????????P??o????????h?????\SystemRoot\system32\DRIVERS\amdagp.sys???????4??o?????????e????AMD AGP Bus Filter Driver????????o??????p???PnP Filter???????o?o?o?o?o?o?o????R??o???????????d??machine.inf_x86_neutral_65848c2d7375a720????? ???????o???????????o?????????????? ????????????????o???????????????o???????????????o?????????????????????o????? ???????o???????????o??????????P????????????????????????????o??MS_BTHPAN??????o?????????????????????&???o??????????????????????????? ?????????????????????????o?????o??????????????.?????????????????????????????????????????????????????????:??????????????????&???o??????????????????????????? ???????o???????????o??????????N???????8??????????
Reg            HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                              ???q?q??protimus?{??????????????? ???????o?????q????Pq?2??????$?h?Z???????????N??p?????????e????@%SystemRoot%\System32\dnsapi.dll,-101???????????p??????p?????h??p????????h?????%SystemRoot%\system32\svchost.exe -k NetworkService???????N??p?????????n????@%SystemRoot%\System32\dnsapi.dll,-102?????????q0????p??? 8??p??????????????NT AUTHORITY\NetworkService????????????????????????????q????TDI?????????????????t??????? ?????????????,? q???????????????????p???????????e??????????????????????? F??q???????????????q????b??p??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege??????????q???????????q???????????????????????????????????????p?p?p?p?p?p?p?p?p?p?p?p????? ???????p?????p?????p?2??????,?F??? ???????????%SystemRoot%\System32\dnsrslvr.dll????????????????????????????????B??q????????n?????%SystemRoot%\System32\dnsext.dll????? ???????q???????????p?2??????????????????????8??s????????h?????? ???????p???????????p?2????????????????????????????0??????????????????????????? ??????????? ??????????????????????????

---- EOF - GMER 1.0.15 ----
--- --- ---

------------------------------------------------------------------------------------
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 09:33:30 on 07.04.2011

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\janis\AppData\Local\Temp\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"MpKsl84c01e34" (MpKsl84c01e34) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE34627A-8189-43F4-8EF9-F1D3724527BD}\MpKsl84c01e34.sys
"NetGroup Packet Filter Driver" (npf) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{4B392032-A759-43ED-9469-377C80A4472D} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll
{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI8079~1\shellext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
<binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "VDownloader Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "VDownloader Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "VDownloader Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"UDisk Monitor" (UDisk Monitor) - ? - C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe  (File found, but it contains no detailed information)
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Microsoft Corporation" - C:\Windows\WLXPGSS.SCR

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

------------------------------------------------------------------------------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 2007FRG
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 180):
0x82E40000 \SystemRoot\system32\ntkrnlpa.exe
0x82E09000 \SystemRoot\system32\halmacpi.dll
0x80BCD000 \SystemRoot\system32\kdcom.dll
0x8AE3A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8AEB2000 \SystemRoot\system32\PSHED.dll
0x8AEC3000 \SystemRoot\system32\BOOTVID.dll
0x8AECB000 \SystemRoot\system32\CLFS.SYS
0x8AF0D000 \SystemRoot\system32\CI.dll
0x8B010000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B081000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B08F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B0D7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8B0E0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B0E8000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B112000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B11D000 \SystemRoot\System32\drivers\partmgr.sys
0x8B12E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B136000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B141000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B151000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B19C000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8B1A3000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B1B1000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8B1DF000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B1F5000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8AFB8000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B000000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8AFDB000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8AE00000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AFE4000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B20C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B33B000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B366000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B379000 \SystemRoot\System32\Drivers\cng.sys
0x8B3D6000 \SystemRoot\System32\drivers\pcw.sys
0x8B3E4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B420000 \SystemRoot\system32\drivers\ndis.sys
0x8B4D7000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B515000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B628000 \SystemRoot\System32\drivers\tcpip.sys
0x8B771000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B7A2000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B7AB000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B7EA000 \SystemRoot\System32\Drivers\spldr.sys
0x8B53A000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B600000 \SystemRoot\System32\Drivers\mup.sys
0x8B610000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B567000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B599000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B5AA000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B400000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90232000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x90259000 \SystemRoot\System32\Drivers\Null.SYS
0x90260000 \SystemRoot\System32\Drivers\Beep.SYS
0x90267000 \SystemRoot\System32\drivers\vga.sys
0x90273000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90294000 \SystemRoot\System32\drivers\watchdog.sys
0x902A1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x902A9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x902B1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x902B9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x902C4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x902D2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x902E9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x902F4000 \SystemRoot\system32\drivers\afd.sys
0x9034E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90380000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90387000 \SystemRoot\system32\DRIVERS\pacer.sys
0x903A6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x903B4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x903C7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FA00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FA41000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FA4B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FA55000 \SystemRoot\System32\drivers\discache.sys
0x8FA61000 \SystemRoot\system32\drivers\csc.sys
0x8FAC5000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FADD000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8FAEB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8FB0C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90809000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8FB1E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x95412000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9544B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x95C10000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x96023000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9602E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x96079000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x96088000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x960A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x960AD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x960BA000 \SystemRoot\system32\DRIVERS\nscirda.sys
0x960C2000 \SystemRoot\system32\drivers\irenum.sys
0x960CB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x960CF000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x960D3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x960E0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x960F2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9610A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x96115000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x96137000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9614F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x96166000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9617D000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x96187000 \SystemRoot\system32\DRIVERS\swenum.sys
0x96189000 \SystemRoot\system32\DRIVERS\ks.sys
0x961BD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9546A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x961CB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x954AE000 \SystemRoot\system32\drivers\HdAudio.sys
0x954FE000 \SystemRoot\system32\drivers\portcls.sys
0x961DC000 \SystemRoot\system32\drivers\drmk.sys
0x9552D000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
0x95823000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
0x95925000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
0x959DA000 \SystemRoot\system32\drivers\modem.sys
0x959E7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x95800000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9580D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x95818000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x9556A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82770000 \SystemRoot\System32\win32k.sys
0x961F5000 \SystemRoot\System32\drivers\Dxapi.sys
0x9557B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x959FD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95C00000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x95592000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x95599000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x955A4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x955B7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x955C3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x955CE000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8C424000 \SystemRoot\System32\Drivers\bthport.sys
0x8C4B2000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8C4D6000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8C4E3000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x8C4FE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x829D0000 \SystemRoot\System32\TSDDD.dll
0x82600000 \SystemRoot\System32\cdd.dll
0x82620000 \SystemRoot\System32\ATMFD.DLL
0x8C509000 \SystemRoot\system32\drivers\luafv.sys
0x8C524000 \SystemRoot\system32\drivers\WudfPf.sys
0x8C53E000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x8C547000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x8C568000 \SystemRoot\system32\DRIVERS\irda.sys
0x8C586000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C596000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C5DC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8C5EC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x98A06000 \SystemRoot\system32\drivers\HTTP.sys
0x98A8B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x98AA4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x98AB6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x98AD9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x98B14000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x98B47000 \SystemRoot\system32\drivers\npf.sys
0x98B56000 \SystemRoot\system32\drivers\peauth.sys
0x98BED000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8C400000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x98B2F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x98B3C000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9AA22000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9AA71000 \SystemRoot\System32\DRIVERS\srv.sys
0x9AAC2000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x9AACE000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0x9AAD3000 \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE34627A-8189-43F4-8EF9-F1D3724527BD}\MpKsl84c01e34.sys
0x9AAD9000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9AB6D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x76FE0000 \Windows\System32\ntdll.dll
0x48470000 \Windows\System32\smss.exe
0x77220000 \Windows\System32\apisetschema.dll
0x00480000 \Windows\System32\autochk.exe
0x77170000 \Windows\System32\usp10.dll
0x76E80000 \Windows\System32\ole32.dll
0x76D40000 \Windows\System32\urlmon.dll
0x76C40000 \Windows\System32\wininet.dll
0x76B70000 \Windows\System32\msctf.dll
0x77140000 \Windows\System32\imagehlp.dll
0x76B20000 \Windows\System32\gdi32.dll
0x76AE0000 \Windows\System32\ws2_32.dll

Processes (total 57):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
352 csrss.exe
428 C:\Windows\System32\wininit.exe
440 csrss.exe
476 C:\Windows\System32\services.exe
492 C:\Windows\System32\lsass.exe
500 C:\Windows\System32\lsm.exe
540 C:\Windows\System32\winlogon.exe
652 C:\Windows\System32\svchost.exe
716 C:\Windows\System32\ibmpmsvc.exe
768 C:\Windows\System32\svchost.exe
820 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
920 C:\Windows\System32\Ati2evxx.exe
952 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\audiodg.exe
1180 C:\Windows\System32\svchost.exe
1320 WUDFHost.exe
1428 C:\Windows\System32\svchost.exe
1472 C:\Windows\System32\Ati2evxx.exe
1684 C:\Windows\System32\spoolsv.exe
1720 C:\Windows\System32\svchost.exe
1788 C:\Program Files\Bonjour\mDNSResponder.exe
1856 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1916 C:\Windows\System32\svchost.exe
1980 C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
2028 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2324 C:\Windows\System32\taskhost.exe
2668 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2788 C:\Windows\System32\svchost.exe
2896 C:\Windows\System32\svchost.exe
3104 C:\Windows\System32\rundll32.exe
3228 C:\Windows\System32\dwm.exe
3256 C:\Windows\explorer.exe
3296 C:\Program Files\Panda USB Vaccine\USBVaccine.exe
3400 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
3424 C:\Program Files\Microsoft Security Client\msseces.exe
3440 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3524 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
3544 C:\Program Files\Logitech\Logitech Vid\Vid.exe
3592 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3692 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3708 C:\Program Files\OpenOffice.org 3\program\soffice.bin
3744 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
3900 C:\Windows\System32\SearchIndexer.exe
4032 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
2576 C:\Windows\System32\svchost.exe
4076 C:\Windows\servicing\TrustedInstaller.exe
2532 C:\Windows\System32\SearchProtocolHost.exe
2432 C:\Windows\System32\SearchFilterHost.exe
1732 C:\Users\janis\Desktop\MBRCheck.exe
788 C:\Windows\System32\conhost.exe
1692 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2080BH, Rev: 00840028

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

------------------------------------------------------------------------------------

Gruss, :crazy:

cosinus 07.04.2011 10:15
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

ginguba 19.04.2011 18:51
Hallo,

ich hab momentan nicht immer Internet, daher erst jetzt wieder... Habe die scans gemacht. Bei SuperAntiSpyware sind ne Menge Cookies gefunden worden...

Hier die Logs:

-------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6389

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

19.04.2011 00:15:28
mbam-log-2011-04-19 (00-15-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 291815
Laufzeit: 55 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

--------------------------------------------------------------------

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/19/2011 at 10:17 AM

Application Version : 4.50.1002

Core Rules Database Version : 6623
Trace Rules Database Version: 4672

Scan type : Complete Scan
Total Scan Time : 00:53:18

Memory items scanned : 446
Memory threats detected : 0
Registry items scanned : 9086
Registry threats detected : 0
File items scanned : 36964
File threats detected : 90

Adware.Tracking Cookie
www.unmultimedia.org [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GYP9JLQV ]
ad.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.adinterax.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.adinterax.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.yadro.ru [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.apmebf.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.photobox.112.2o7.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
ad.zanox.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
www.etracker.de [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.adfarm1.adition.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
adfarm1.adition.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.zanox.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
urbia.wwe-media.de [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
track.adform.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
track.adform.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.adform.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.atdmt.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.atdmt.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
ad2.adfarm1.adition.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.statcounter.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.advertising.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.advertising.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
tracking.publicidees.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.xiti.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.revsci.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.revsci.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.revsci.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.revsci.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.2o7.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.rambler.ru [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.adtech.de [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.adtech.de [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.adtech.de [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
ww251.smartadserver.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.zanox-affiliate.de [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.estat.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.specificclick.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.toplist.cz [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
www.etracker.de [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.247realmedia.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.advertstream.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.weborama.fr [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.boursoramabanque.solution.weborama.fr [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.boursoramabanque.solution.weborama.fr [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.boursoramabanque.solution.weborama.fr [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.boursoramabanque.solution.weborama.fr [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.clubmed.solution.weborama.fr [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.clubmed.solution.weborama.fr [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.clubmed.solution.weborama.fr [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.clubmed.solution.weborama.fr [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.horyzon-media.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.horyzon-media.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.adbrite.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.adbrite.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.adbrite.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.mediabrandsww.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
m1.webstats.motigo.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ]

------------------------------------------------------------
:pfeiff::Boogie:

cosinus 19.04.2011 20:15
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:50 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131