Forum: Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal)
Thread: I also have the BKA Trojan (Windows 7)
28.07.2011, 09:40 | #1

I also have the BKA Trojan

Hello dear forum, here is the problem: I bought a used laptop from an acquaintance. On the 3rd day the BKA Trojan crept onto my laptop. Nothing worked anymore. An acquaintance booted it back up in Safe Mode, deleted a few autostart entries, deleted something in the registry, and after that I could use it again. But I think the Trojan is still on it. So I read up a bit here and first scanned the laptop with "ESET Online Scanner". Malwarebytes is running right now. So here are the logs from ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=46b7f2b7fa3889488d26bbc603c1d28f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-27 05:22:45
# local_time=2011-07-27 07:22:45 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 212992 87296096 101893 0
# compatibility_mode=5892 16776573 100 100 71624 149313517 0 0
# compatibility_mode=8192 67108863 100 0 152 152 0 0
# scanned=147354
# found=3
# cleaned=0
# scan_time=6575
C:\Program Files\Paradise8\Loader.exe	Win32/RubyRoyal application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kammerzofe\AppData\Local\Temp\jar_cache52817.tmp	a variant of Win32/Injector.IEB trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kammerzofe\AppData\Roaming\jashla.exe	a variant of Win32/Injector.IEB trojan (unable to clean)	00000000000000000000000000000000	I

I hope someone can help me, dear team.

Last edited by Antoniaa (28.07.2011 at 09:46)
28.07.2011, 10:28 | #2

So here is the Malwarebytes log file as well. I hope I did everything right.

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 7307

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.07.2011 11:23:30
mbam-log-malwarebyte

Scan type: Full scan (C:\|D:\|)
Objects scanned: 280850
Time elapsed: 1 hour(s), 28 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\kammerzofe\AppData\Local\Temp\jar_cache52817.tmp (Backdoor.Bot) -> No action taken.
c:\Users\kammerzofe\AppData\Roaming\jashla.exe (Backdoor.Bot) -> No action taken.
28.07.2011, 12:31 | #3

Here now the logs from "OTL".

OTL Logfile:
OTL logfile created on: 28.07.2011 12:00:27 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Kammerzofe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,49 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 57,11% Memory free
3,23 Gb Paging File | 2,40 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32,51 Gb Total Space | 5,80 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive D: | 32,26 Gb Total Space | 17,06 Gb Free Space | 52,89% Space Free | Partition Type: NTFS

Computer Name: KAMMERZOFE-PC | User Name: Kammerzofe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.28 11:58:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Kammerzofe\Downloads\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.03.02 03:06:52 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\KAMMER~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.01.19 00:38:34 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007.04.23 09:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (SafeList) ==========

MOD - [2011.07.28 11:58:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Kammerzofe\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.06.23 10:45:58 | 000,604,488 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.06.23 10:45:57 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [On_Demand | Stopped] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)

========== Driver Services (SafeList) ==========

DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.05.15 00:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2010.05.15 00:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.05.15 00:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.20 18:47:56 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.06 12:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.10.06 12:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.09.10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.08.10 09:11:34 | 000,014,336 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007.08.10 09:11:34 | 000,011,264 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007.04.11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007.04.11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007.04.11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007.02.25 16:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.02.07 12:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.01.30 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.12.05 14:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.08.29 16:56:20 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\prodigy.sys -- (PRODIGY)
DRV - [2005.12.07 11:45:00 | 000,031,232 | ---- | M] (LITE-ON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbdtv.sys -- (usbdtv) LITE-ON DVB-T (PID=F001)
DRV - [2005.12.07 11:13:00 | 000,022,016 | ---- | M] (LITE-ON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtvfw.sys -- (DTVFW)
DRV - [2005.06.13 11:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2004.07.14 13:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1e6d885e000000000000000000000000&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1483: C:\Program Files\StormII\Codec\Plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: RealPlayer File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.28 09:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.26 11:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.12.08 21:41:13 | 000,000,000 | ---D | M]

[2008.10.14 21:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Extensions
[2011.07.27 13:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions
[2010.12.11 14:21:26 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.12.09 12:58:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.06 14:54:08 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.10 19:29:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.11.06 15:47:42 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.08 21:42:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.28 01:33:12 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Kammerzofe\AppData\Roaming\mozilla\Firefox\Profiles\w7zgb186.default\extensions\piclens@cooliris.com
[2009.02.28 17:39:17 | 000,001,632 | ---- | M] () -- C:\Users\Kammerzofe\AppData\Roaming\Mozilla\Firefox\Profiles\w7zgb186.default\searchplugins\live-search.xml
[2011.06.02 14:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.02 14:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.27 22:34:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.27 22:34:28 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.27 22:34:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.27 22:34:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.27 22:34:29 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.11.01 03:35:36 | 000,000,799 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kammerzofe\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kammerzofe\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kammerzofe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kammerzofe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\Shell - "" = AutoRun
O33 - MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\Shell\AutoRun\command - "" = H:\xjb3.exe
O33 - MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\Shell\open\Command - "" = H:\xjb3.exe
O33 - MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\Shell - "" = AutoRun
O33 - MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\Shell - "" = AutoRun
O33 - MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e1c9b3f9-01cb-11e0-85bb-00197ec9d6b0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dllh_isv - (C:\Windows\system32\autovate.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C90C2798-5F91-4372-F2EA-F13CDCDF3A0E} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F66415F7-18CB-48CE-600D-0C39F846E69A} - Java (Sun)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.07.28 09:36:29 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\AppData\Roaming\Malwarebytes
[2011.07.28 09:36:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.28 09:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.28 09:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.28 09:36:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.28 09:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.27 17:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.07.27 16:28:08 | 000,134,656 | ---- | C] (Galilean Cauchy Aesop Bellamy) -- C:\Users\Kammerzofe\AppData\Roaming\jashla.exe
[2011.07.27 10:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011.07.26 21:37:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.07.26 21:37:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.07.26 21:36:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.07.21 13:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2011.07.21 13:38:57 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.07.21 13:38:57 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.07.21 13:38:57 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2011.07.21 13:38:57 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.07.09 18:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2011.07.09 18:49:15 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\AppData\Local\PC_Drivers_Headquarters
[2011.07.09 18:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy Driver Pro
[2011.07.09 18:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro
[2011.07.09 18:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Driver Pro
[2011.07.09 05:38:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.07.09 02:10:37 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\Documents\My Scans
[2011.07.09 02:08:49 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\AppData\Roaming\HP
[2011.07.09 01:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\zvprt50
[2011.07.09 01:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.07.09 01:52:58 | 000,188,416 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppafx07.dll
[2011.07.09 01:52:58 | 000,014,336 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxfax.sys
[2011.07.09 01:52:49 | 000,011,264 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxbulk.sys
[2011.07.09 01:52:48 | 000,188,416 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppcew07.dll
[2011.07.09 01:52:48 | 000,019,456 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxgen.sys
[2011.07.09 01:52:05 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011.07.08 15:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011.07.08 15:18:16 | 000,000,000
| ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2011.07.08 15:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2011.07.08 15:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2011.07.08 14:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2011.07.08 14:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2011.06.30 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\Aushang Laden [2007.07.14 18:06:01 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007.05.20 00:03:06 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll ========== Files - Modified Within 30 Days ========== [2011.07.28 12:00:04 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2011.07.28 11:41:49 | 000,000,000 | ---- | M] () -- C:\Users\Kammerzofe\defogger_reenable [2011.07.28 11:36:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.28 11:36:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.28 11:35:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.28 09:36:21 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.27 17:08:21 | 002,476,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.27 16:54:43 | 000,000,680 | ---- | M] () -- C:\Users\Kammerzofe\AppData\Local\d3d9caps.dat [2011.07.27 16:28:08 | 000,134,656 | ---- | M] (Galilean Cauchy Aesop Bellamy) -- C:\Users\Kammerzofe\AppData\Roaming\jashla.exe [2011.07.27 10:14:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.07.27 10:13:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.07.26 11:18:11 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011.07.21 13:39:07 | 
000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2011.07.18 13:39:32 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.07.09 18:48:28 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\Easy Driver Pro.lnk [2011.07.09 05:38:33 | 199,038,315 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.07.09 01:56:38 | 000,170,239 | ---- | M] () -- C:\Windows\hppins07.dat [2011.07.09 01:56:12 | 000,000,608 | -HS- | M] () -- C:\Windows\System32\winzvprt5.sys [2011.07.08 15:18:53 | 000,161,998 | ---- | M] () -- C:\Windows\hppins07.dat.temp [2011.07.08 15:12:28 | 000,000,860 | ---- | M] () -- C:\Windows\hpntwksetup.ini [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.07.28 11:41:49 | 000,000,000 | ---- | C] () -- C:\Users\Kammerzofe\defogger_reenable [2011.07.28 09:36:21 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.27 16:54:43 | 000,000,680 | ---- | C] () -- C:\Users\Kammerzofe\AppData\Local\d3d9caps.dat [2011.07.27 10:14:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.07.27 10:13:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.07.26 11:18:11 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011.07.26 11:18:11 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2011.07.26 01:00:53 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2011.07.26 01:00:50 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2011.07.26 01:00:41 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2011.07.26 01:00:39 | 000,107,612 | ---- | 
C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.07.26 01:00:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.07.26 01:00:36 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2011.07.26 01:00:31 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2011.07.26 01:00:16 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2011.07.26 01:00:14 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2011.07.26 00:58:45 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2011.07.26 00:58:34 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml [2011.07.21 13:39:07 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2011.07.09 18:48:28 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Easy Driver Pro.lnk [2011.07.09 01:56:12 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys [2011.07.09 01:52:55 | 000,000,685 | ---- | C] () -- C:\Windows\System32\hppapr07.dat [2011.07.09 01:51:19 | 000,170,239 | ---- | C] () -- C:\Windows\hppins07.dat [2011.07.08 16:13:05 | 000,161,998 | ---- | C] () -- C:\Windows\hppins07.dat.temp [2011.07.08 16:13:05 | 000,000,838 | ---- | C] () -- C:\Windows\hppmdl07.dat.temp [2011.07.08 14:56:36 | 000,000,860 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2010.11.21 14:09:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.11.05 20:34:55 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg [2010.11.05 20:34:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe [2010.08.09 22:43:33 | 000,000,054 | ---- | C] () -- C:\Windows\wininit.ini [2010.05.21 23:01:58 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.05.14 23:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.05.14 23:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010.05.14 23:55:58 | 000,290,648 | ---- | C] () -- 
C:\Windows\System32\DevManagerCore.dll [2010.05.14 23:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2010.02.18 17:31:37 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin [2010.02.03 17:19:48 | 000,000,023 | ---- | C] () -- C:\Windows\sign.ini [2010.01.10 19:01:35 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini [2010.01.10 18:55:22 | 000,000,032 | ---- | C] () -- C:\Windows\DVD_Start.INI [2009.12.23 13:26:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.10.31 12:32:39 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2009.10.31 12:30:45 | 000,000,248 | ---- | C] () -- C:\Windows\System32\secustat.dat [2009.10.31 12:30:44 | 000,000,305 | ---- | C] () -- C:\Windows\System32\secushr.dat [2009.10.31 12:14:03 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.09.12 04:05:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.07.01 09:09:11 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini [2009.06.23 15:53:13 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.01.16 04:00:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.12.05 16:46:44 | 000,000,887 | ---- | C] () -- C:\Windows\uninst.ini [2008.06.20 11:54:36 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.06.20 11:54:36 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.06.19 02:03:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.06.18 13:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll [2008.04.22 15:53:44 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.03.20 00:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Kammerzofe\AppData\Roaming\wklnhst.dat [2008.03.03 20:29:25 | 000,000,039 | ---- | C] () -- 
C:\Windows\MB.ini [2008.03.02 17:59:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2008.03.02 17:59:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2008.03.02 17:59:08 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat [2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2008.02.01 22:41:51 | 000,024,227 | ---- | C] () -- C:\Users\Kammerzofe\AppData\Roaming\UserTile.png [2007.08.10 09:11:50 | 000,000,838 | ---- | C] () -- C:\Windows\hppmdl07.dat [2007.07.15 03:08:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll [2007.07.15 03:08:37 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007.07.14 18:06:01 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007.05.20 02:52:39 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.05.20 00:03:07 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.05.19 15:34:47 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.05.19 15:34:47 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.05.19 15:28:31 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2007.04.24 21:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll [2006.11.02 17:33:31 | 000,695,722 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,143,930 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 002,476,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat 
[2006.11.02 12:33:01 | 000,104,544 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.07.07 04:00:00 | 000,003,254 | ---- | C] () -- C:\Windows\System32\HPTCPMON.INI ========== LOP Check ========== [2009.10.31 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\BITS [2010.12.27 23:02:38 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\DVDVideoSoft [2010.11.06 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.13 21:40:34 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\elsterformular [2011.03.28 21:49:14 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\FreeFLVConverter [2009.01.16 22:25:34 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\gtk-2.0 [2008.03.13 13:57:12 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\Leadertech [2009.10.31 12:32:10 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\MxBoost [2009.06.30 00:46:16 | 000,000,000 | ---D | M] -- 
C:\Users\Kammerzofe\AppData\Roaming\Nseries [2010.11.01 21:38:12 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\Scan2PDF [2008.03.02 01:02:39 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\TuneUp Software [2010.09.22 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\Kammerzofe\AppData\Roaming\VTExtra [2011.07.28 12:00:04 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2011.07.28 11:33:05 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.10.16 21:32:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.06.19 03:59:26 | 000,000,000 | ---D | M] -- C:\Acer [2009.07.06 19:28:40 | 000,000,000 | R-SD | M] -- C:\assembly [2007.05.19 15:16:04 | 000,000,000 | ---D | M] -- C:\Book [2011.07.26 21:47:16 | 000,000,000 | -HSD | M] -- C:\Boot [2011.07.26 21:43:01 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.03.02 03:01:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007.07.15 03:08:39 | 000,000,000 | ---D | M] -- C:\DRV [2010.12.08 23:25:29 | 000,000,000 | ---D | M] -- C:\inetpub [2007.05.19 15:22:27 | 000,000,000 | ---D | M] -- C:\Intel [2010.09.17 21:56:17 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.07.28 09:36:15 | 000,000,000 | ---D | M] -- C:\Program Files [2011.07.28 09:36:19 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.03.02 03:01:22 | 000,000,000 | -HSD | M] -- C:\Programme [2009.06.05 19:22:54 | 000,000,000 | ---D | M] -- C:\Programs [2010.02.21 18:04:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.12.28 00:26:54 | 000,000,000 | R--D | M] -- C:\Users [2011.07.27 16:31:30 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.03.02 13:30:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.03.02 13:30:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 
00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 00:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.19 00:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-27 08:08:49 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 72 bytes -> C:\Windows:9BE5E7E968552934 < End of report > |
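Helpers in threads like this read OTL logs by eye, line by line. As an added example (my code, not part of the original post and not OTL's own), the Python below parses OTL's file-entry lines and automates two of those checks: it flags files in user-writable locations (AppData, ProgramData, Public, Windows\Temp) that are executable or carry hidden+system attributes, and it confirms that each binary in the "< MD5 for: ... >" sections matches one of the copies in the WinSxS component store. The entry lines embedded in it are copied from the OTL.txt log above; the USERINIT.EXE block is constructed (a hypothetical all-F hash) so the mismatch branch is exercised, and the user-writable path list and executable-extension list are my assumptions, not OTL's.

```python
"""Triage helpers for OTL file-entry lines (added example, not OTL's own code)."""
import re

# One OTL entry: [YYYY.MM.DD HH:MM:SS | size | attrs | C/M] (Company) [MD5=...] -- path
# Directory entries carry no "(Company)" part, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+?)\s*$"
)

# Assumption: locations an unprivileged user (or a drive-by payload running as that user) can write.
USER_WRITABLE_RE = re.compile(
    r"\\(?:users\\[^\\]+\\appdata\\|programdata\\|users\\public\\|windows\\temp\\)", re.I
)
# Assumption: extensions treated as executable content.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jar")

# Entry lines copied from the OTL.txt log posted above (a subset).
OTL_FILE_LINES = r"""
========== Files/Folders - Created Within 30 Days ==========
[2011.07.28 09:36:29 | 000,000,000 | ---D | C] -- C:\Users\Kammerzofe\AppData\Roaming\Malwarebytes
[2011.07.28 09:36:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.27 16:28:08 | 000,134,656 | ---- | C] (Galilean Cauchy Aesop Bellamy) -- C:\Users\Kammerzofe\AppData\Roaming\jashla.exe
[2011.07.21 13:38:57 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2007.07.14 18:06:01 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
========== Files Created - No Company Name ==========
[2009.06.23 15:53:13 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.07.09 01:56:12 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
"""

# EXPLORER.EXE lines copied from the log above. The USERINIT.EXE block is CONSTRUCTED
# (hypothetical all-F hash) to exercise the mismatch branch; the real log shows a match.
OTL_MD5_LINES = r"""
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
< MD5 for: USERINIT.EXE >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2011.07.27 16:28:08 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\Windows\System32\userinit.exe
"""


def parse_entries(text):
    """Return one dict per parseable entry line; section headers and prose are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["company"] = (e["company"] or "").strip()  # "( )" and "()" both mean none
        e["is_dir"] = "D" in e["attrs"]
        entries.append(e)
    return entries


def triage(entries):
    """Return [(path, [reasons])] for file entries that deserve a second look."""
    findings = []
    for e in entries:
        if e["is_dir"]:
            continue
        path = e["path"]
        executable = path.lower().endswith(EXEC_EXT)
        reasons = []
        if USER_WRITABLE_RE.search(path):
            if executable:
                reasons.append("executable in user-writable location")
            if "H" in e["attrs"] and "S" in e["attrs"]:
                reasons.append("hidden+system file in user-writable location")
        if executable and not e["company"]:
            reasons.append("no company name (weak signal on its own)")
        if reasons:
            findings.append((path, reasons))
    return findings


def verify_md5_sections(text):
    """Map each '< MD5 for: NAME >' section to (live_md5, live_md5 matches a WinSxS copy)."""
    sections, current = {}, None
    for line in text.splitlines():
        hdr = re.match(r"^< MD5 for: (\S+) >$", line.strip())
        if hdr:
            current = hdr.group(1)
            sections[current] = {"live": None, "winsxs": set()}
            continue
        m = ENTRY_RE.match(line.strip()) if current else None
        if not m or not m.group("md5"):
            continue
        md5 = m.group("md5").upper()
        if "\\winsxs\\" in m.group("path").lower():
            sections[current]["winsxs"].add(md5)
        else:
            sections[current]["live"] = md5  # the copy on the path that actually runs
    return {n: (s["live"], s["live"] in s["winsxs"]) for n, s in sections.items()}


if __name__ == "__main__":
    for path, reasons in triage(parse_entries(OTL_FILE_LINES)):
        print(path, "->", "; ".join(reasons))
    for name, (live, ok) in verify_md5_sections(OTL_MD5_LINES).items():
        print(name, live, "matches WinSxS" if ok else "NO WinSxS MATCH")
```

On the embedded lines the triage flags jashla.exe (an executable created in %APPDATA%) and C:\ProgramData\.zreglib (hidden+system in ProgramData), and lists ClearEvent.exe and winzvprt5.sys only for the weak no-company signal. Fed the full log above, the MD5 check reports explorer.exe, regedit.exe, userinit.exe, wininit.exe and winlogon.exe as matching a WinSxS copy, which is the reassuring part of that log. Note that the "company name" is just the PE version resource and is trivially forged, so a string like "Galilean Cauchy Aesop Bellamy" is a hint that the resource was randomly generated, not proof by itself.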
28.07.2011, 12:33 | #4
I also have the BKA Trojan
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 28.07.2011 12:00:27 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Kammerzofe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,49 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 57,11% Memory free
3,23 Gb Paging File | 2,40 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32,51 Gb Total Space | 5,80 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive D: | 32,26 Gb Total Space | 17,06 Gb Free Space | 52,89% Space Free | Partition Type: NTFS

Computer Name: KAMMERZOFE-PC | User Name: Kammerzofe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3047791-560114429-293112349-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E7F6BD83-2DCD-4E65-9BB7-5DAD8FA7B4AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F41EB903-5DC5-4002-87CF-465E6BBFB392}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16CEBE1B-2B09-464A-8B23-60E7C6182B29}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{25AD7D82-0B6A-46B5-BDF8-0352CC888B3A}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{65F84B02-039F-4BBF-B7D6-410731CA4C12}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B352EBAE-0C74-4634-B77A-24F3E1D7407D}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{D724BA40-D83D-4B8C-A997-BC4240CB719F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{09C9CAB4-A245-4F93-AB61-8CA89B920DA8}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"TCP Query User{3E349BD8-56EC-4CA6-B696-0CDB1BB93F28}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"TCP Query User{420226E3-0219-42EE-B05F-B9276557FF0C}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{089B86E5-21BB-4D4A-954F-47CC328FB061}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"UDP Query User{8A37B3A4-F2F1-47D6-9908-541FE353A99E}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CDA14BF-6D0A-44E2-A970-ED43CDDCC495}" = hppLJM2727
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4CD3D573-2176-44AA-B85C-6E2FFD3F8015}" = hppFaxUtility
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5672A10E-1B21-4C2F-85D3-3542D0BC8246}" = hppscanM2727
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C0B860-F0D4-4F87-9855-361183AE1F6F}" = hppSendFax
"{5D5D5856-A0DB-4C62-89C4-D3270A38A701}" = hppFaxDrvM2727
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DC5A033-23DA-4083-B9E2-ED0EC78E2ED9}" = hppManualsM2727
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A964774D-6D5A-4925-AA9A-A45329C90EEA}" = hpzTLBXFX
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B00690AD-B4F5-4730-9110-5C495B89E647}" = Scan
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BF107E4C-C9AC-4B89-847D-900597E0B0B4}" = hppScanTo
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4C5CF89-51BC-4B2B-9057-EA2D24B56148}" = hppIOFiles
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{E51BD3A9-BEF0-40DA-8718-C37AF53EF877}" = hppTLBXFXM2727
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced PDF-to-Word 1.0 Demo" = Advanced PDF-to-Word 1.0 Demo
"Argente - Registry Cleaner_is1" = Argente - Registry Cleaner 1.5.5.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular für Unternehmer 12.1.1.6214u" = ElsterFormular für Unternehmer
"ESET Online Scanner" = ESET Online Scanner v3
"Free Studio_is1" = Free Studio version 4.9.13
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.1.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet M2727" = HP LaserJet M2727 MFP Series 1.0
"JDownloader" = JDownloader
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Mozilla Firefox 4.0b6 (x86 de)" = Mozilla Firefox 4.0b6 (x86 de)
"Scan2PDF_is1" = Scan2PDF 1.6
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.01.2010 21:12:14 | Computer Name = Kammerzofe-PC | Source = Application Error | ID = 1000
Description = Faulting application PCSuite.exe, version 7.1.55.0, time stamp 0x4afa7c7d, faulting module ole32.dll, version 6.0.6001.22247, time stamp 0x48ab8fcc, exception code 0xc0000005, fault offset 0x00038962, process id 0x142c, application start time 01caa1f76d2ba3dd.

Error - 30.01.2010 22:16:41 | Computer Name = Kammerzofe-PC | Source = Application Hang | ID = 1002
Description = The program NokiaOviSuite.exe version 2.0.2.42 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 474 Start Time: 01caa21acce5f686 Termination Time: 47

Error - 30.01.2010 22:54:03 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3002
Description =

Error - 30.01.2010 22:56:14 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3002
Description =

Error - 30.01.2010 22:56:36 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3012
Description =

Error - 30.01.2010 22:56:36 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3012
Description =

Error - 30.01.2010 22:56:36 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3011
Description =

Error - 30.01.2010 22:57:32 | Computer Name = Kammerzofe-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 30.01.2010 22:57:51 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3002
Description =

Error - 30.01.2010 23:14:34 | Computer Name = Kammerzofe-PC | Source = LoadPerf | ID = 3002
Description =

[ Media Center Events ]
Error - 08.03.2008 10:05:33 | Computer Name = Kammerzofe-PC | Source = Media Center Guide | ID = 0
Description = Event Information: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 21.06.2008 06:00:36 | Computer Name = Kammerzofe-PC | Source = Media Center Guide | ID = 0
Description = Event Information: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 27.09.2010 03:54:45 | Computer Name = Kammerzofe-PC | Source = Media Center Guide | ID = 0
Description =
Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 27.07.2011 11:07:53 | Computer Name = Kammerzofe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.07.2011 11:07:53 | Computer Name = Kammerzofe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.07.2011 11:13:40 | Computer Name = Kammerzofe-PC | Source = Service Control Manager | ID = 7022 Description = Error - 28.07.2011 03:31:55 | Computer Name = Kammerzofe-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 28.07.2011 um 03:04:14 unerwartet heruntergefahren. Error - 28.07.2011 03:32:02 | Computer Name = KAMMERZOFE-PC | Source = APPHOSTSVC | ID = 9010 Description = Error - 28.07.2011 03:32:10 | Computer Name = KAMMERZOFE-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.07.2011 03:32:10 | Computer Name = KAMMERZOFE-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.07.2011 05:35:41 | Computer Name = Kammerzofe-PC | Source = APPHOSTSVC | ID = 9010 Description = Error - 28.07.2011 05:35:51 | Computer Name = Kammerzofe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.07.2011 05:35:51 | Computer Name = Kammerzofe-PC | Source = Service Control Manager | ID = 7000 Description = [ TuneUp Events ] Error - 26.08.2010 19:07:36 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:07:36', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','588',0) Error - 26.08.2010 19:23:24 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps 
(Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:23:24', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbamgui.exe','2524',0) Error - 26.08.2010 19:23:34 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:23:34', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','2808',0) Error - 26.08.2010 19:24:34 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:24:34', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','3764',0) Error - 26.08.2010 19:25:29 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:25:29', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','2544',0) Error - 26.08.2010 19:43:11 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 01:43:11', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','3428',0) Error - 28.08.2010 04:21:45 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-28 10:21:45', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','2728',0) Error - 28.08.2010 10:45:15 | Computer Name = Kammerzofe-PC | Source = 
TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-28 16:45:15', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','2772',0) Error - 11.09.2010 07:38:44 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-11 13:38:44', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','1260',0) Error - 12.09.2010 04:32:23 | Computer Name = Kammerzofe-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-12 10:32:22', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\unins000.exe','1140',0) < End of report > |
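A side note on the TuneUp "Program Statistics" errors in the log above (an added example, not part of the thread): the apostrophe in the folder name Malwarebytes' Anti-Malware ends the SQL string literal early, which is why SQLite complains near "anti". That can only happen when a program builds its INSERT by pasting values into the statement text, so here an ordinary folder name acts as an unintentional SQL injection. The Python below reproduces the error against an in-memory SQLite table using the path copied from the log, shows the same value stored correctly once the insert uses bound parameters, and adds a constructed value that silently rewrites the row under the concatenated version. The table layout is inferred from the failing statement (column names and order only), and the injected value is made up for the example.

```python
import sqlite3

# Path exactly as it appears in the TuneUp "Program Statistics" errors above; the apostrophe in
# "malwarebytes' anti-malware" is the character that ends the SQL string literal early.
EXE_PATH = r"\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe"

# Constructed for this example: a value that does not break the statement but rewrites it.
INJECTED_EXE = "x', '9999', 1) -- "

# Table layout inferred from the failing INSERT in the log (column names and order only).
SCHEMA = "CREATE TABLE ActiveApps (Started TEXT, Exe TEXT, ProcID TEXT, Resumed INTEGER)"
STARTED, PID = "2010-08-27 01:07:36", "588"


def fresh_db():
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    return con


def insert_by_concatenation(con, started, exe, pid):
    """What the log implies TuneUp does: paste the values into the statement text.
    Any value containing an apostrophe changes the SQL instead of being stored."""
    sql = ("INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES "
           f"('{started}', '{exe}','{pid}',0)")
    con.execute(sql)
    con.commit()


def insert_with_parameters(con, started, exe, pid):
    """Same insert with bound parameters: the values never pass through the SQL parser."""
    con.execute("INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES (?, ?, ?, 0)",
                (started, exe, pid))
    con.commit()


def compare(exe):
    """Insert `exe` both ways into fresh tables and return what each actually stored
    (or the parser error text where the concatenated statement did not even parse)."""
    results = {}
    for label, insert in (("concatenated", insert_by_concatenation),
                          ("bound", insert_with_parameters)):
        con = fresh_db()
        try:
            insert(con, STARTED, exe, PID)
            results[label] = con.execute(
                "SELECT Exe, ProcID, Resumed FROM ActiveApps").fetchone()
        except sqlite3.OperationalError as exc:
            results[label] = f"error: {exc}"
        finally:
            con.close()
    return results


if __name__ == "__main__":
    for value in (EXE_PATH, INJECTED_EXE):
        for label, outcome in compare(value).items():
            print(f"{label:<12} {outcome}")
```

Run as a script it prints the same `near "anti": syntax error` the event log shows for the concatenated insert, the full path for the bound insert, and for the constructed value a row of `('x', '9999', 1)` versus the literal string stored unchanged.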
28.07.2011, 12:34 | #5
I also have the BKA Trojan

And here is the one from "gmer". GMER logfile:

Code:
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-28 13:20:52
Windows 6.0.6002 Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL25
Running: wdjcb25o.exe; Driver: C:\Users\KAMMER~1\AppData\Local\Temp\kwldiaod.sys

---- System - GMER 1.0.15 ----

SSDT 8CC3031C ZwCreateThread
SSDT 8CC30308 ZwOpenProcess
SSDT 8CC3030D ZwOpenThread
SSDT 8CC30317 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 824E29A4 4 Bytes [1C, 03, C3, 8C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 824E2B74 4 Bytes [08, 03, C3, 8C]
.text ntkrnlpa.exe!KeSetEvent + 40D 824E2B90 4 Bytes [0D, 03, C3, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 824E2DA4 4 Bytes [17, 03, C3, 8C]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9DA08400, 0x82482, 0xE8000020]
.protectÿÿÿÿhardlock C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlock" section [0x9DAA8420]
.protectÿÿÿÿhardlock C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x9DAA8200, 0x5105, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
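An added note on reading the GMER log above (an editor's example, not part of the thread or of GMER): the four "Kernel code sections" patches inside ntkrnlpa.exe are 4-byte writes near KeSetEvent, and read as little-endian x86 pointers they are exactly the four addresses GMER lists as SSDT hooks. The two sections therefore describe one finding, not two: the service table slots for ZwCreateThread, ZwOpenProcess, ZwOpenThread and ZwTerminateProcess were rewritten to point into one block of handlers 20 bytes apart, i.e. one module installed all four. Hooks on exactly these calls are what the self-protection drivers of security products install, but rootkits use the same mechanism, so the owning module has to be confirmed against the loaded-driver list rather than assumed; the log itself does not name it. The Python below parses both sections, matches each patched dword against the hook table and reports the spread of the handler addresses. The sample input is copied from the log above; the hardlock.sys lines (writable code section, entry point in a section named .protect) describe a packed driver image and are not parsed.

```python
import re
from dataclasses import dataclass

# Sample input: the SSDT and kernel-code-section lines copied from the GMER log posted above.
GMER_LOG = """\
---- System - GMER 1.0.15 ----
SSDT 8CC3031C ZwCreateThread
SSDT 8CC30308 ZwOpenProcess
SSDT 8CC3030D ZwOpenThread
SSDT 8CC30317 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 221 824E29A4 4 Bytes [1C, 03, C3, 8C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 824E2B74 4 Bytes [08, 03, C3, 8C]
.text ntkrnlpa.exe!KeSetEvent + 40D 824E2B90 4 Bytes [0D, 03, C3, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 824E2DA4 4 Bytes [17, 03, C3, 8C]
"""

SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>\w+)", re.I)
PATCH_RE = re.compile(
    r"^\.text\s+(?P<sym>\S+)\s+\+\s+(?P<off>[0-9A-F]+)\s+(?P<addr>[0-9A-F]{8})"
    r"\s+(?P<n>\d+) Bytes \[(?P<bytes>[0-9A-F, ]+)\]", re.I)


@dataclass
class Patch:
    symbol: str    # nearest exported symbol GMER resolved, e.g. ntkrnlpa.exe!KeSetEvent
    offset: int    # distance from that symbol
    address: int   # virtual address of the modified bytes
    raw: bytes     # the bytes now found there

    def as_pointer(self):
        """A 4-byte patch read as a little-endian x86 pointer; None for other sizes."""
        return int.from_bytes(self.raw, "little") if len(self.raw) == 4 else None


def parse_ssdt_hooks(log):
    """{service name: handler address} from the 'SSDT <addr> <Zw...>' lines."""
    return {m["func"]: int(m["addr"], 16)
            for m in map(SSDT_RE.match, log.splitlines()) if m}


def parse_code_patches(log):
    """Patch objects from the '.text <module>!<symbol> + <off> <addr> N Bytes [...]' lines."""
    patches = []
    for line in log.splitlines():
        m = PATCH_RE.match(line)
        if m:
            raw = bytes(int(b, 16) for b in m["bytes"].replace(" ", "").split(","))
            patches.append(Patch(m["sym"], int(m["off"], 16), int(m["addr"], 16), raw))
    return patches


def correlate(log):
    """Explain each code patch by the SSDT hook whose handler address it contains.

    An explained patch is just the rewritten table slot of that hook, not a second
    finding. handler_spread is the distance between the lowest and highest handler
    address; a few bytes means every hook lands in one block of one module."""
    hooks = parse_ssdt_hooks(log)
    by_handler = {addr: name for name, addr in hooks.items()}
    explained, unexplained = {}, []
    for patch in parse_code_patches(log):
        name = by_handler.get(patch.as_pointer())
        if name:
            explained[name] = patch
        else:
            unexplained.append(patch)
    spread = max(hooks.values()) - min(hooks.values()) if hooks else 0
    return {"hooks": hooks, "explained": explained,
            "unexplained": unexplained, "handler_spread": spread}


if __name__ == "__main__":
    result = correlate(GMER_LOG)
    for name, patch in result["explained"].items():
        print(f"{name:<20} slot {patch.symbol}+{patch.offset:X} at {patch.address:08X} "
              f"now points to {patch.as_pointer():08X}")
    print(f"handler spread: 0x{result['handler_spread']:X} bytes, "
          f"unexplained patches: {len(result['unexplained'])}")
```

A patch that ends up in `unexplained` is the case worth a second look: bytes changed in kernel code that no listed hook accounts for.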
28.07.2011, 14:04 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
I also have the BKA Trojan

Are there any more logs from Malwarebytes? If so, please post all of the ones visible in Malwarebytes under the "Logs" tab.
28.07.2011, 14:14 | #7
I also have the BKA Trojan

Hi Cosinus, first of all, thanks for your help. In Malwarebytes there is also a "Protection Log"; is that the file you mean by "more logs"? No, I haven't deleted the finds yet; I wanted to wait for your reply first. So that means I have to run Malwarebytes again and then remove the finds, right? Is a "Quick Scan" enough, or do I have to run the "Full Scan"? Sorry for my ignorance, but I really have no clue about this stuff.
28.07.2011, 14:18 | #8
I also have the BKA Trojan

OK, I've deleted the finds now.

Malwarebytes' Anti-Malware 1.51.1.1800
Database version: 7307
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.07.2011 15:16:32
mbam-log-2011-07-28 (15-16-32).txt

Scan type: Quick scan
Objects scanned: 140743
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\kammerzofe\AppData\Roaming\jashla.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kammerzofe\AppData\Local\Temp\jar_cache52817.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
28.07.2011, 14:44 | #9
/// Winkelfunktion /// TB-Süch-Tiger™
I also have the BKA Trojan

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!)

Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\Shell - "" = AutoRun
O33 - MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\Shell\AutoRun\command - "" = H:\xjb3.exe
O33 - MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\Shell\open\Command - "" = H:\xjb3.exe
O33 - MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\Shell - "" = AutoRun
O33 - MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\Shell - "" = AutoRun
O33 - MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e1c9b3f9-01cb-11e0-85bb-00197ec9d6b0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
@Alternate Data Stream - 72 bytes -> C:\Windows:9BE5E7E968552934
:Commands
[purity]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

__________________
Please always post logfiles in CODE tags
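On the O33 lines in the fix above (an added example, not part of the thread or of OTL): MountPoints2 is Explorer's per-user cache of the autorun settings it read from removable media; each GUID is one volume, and Shell\AutoRun\command is what the AutoPlay entry would start. Most entries here point at F:\AutoRun.exe or F:\setup_vmc_lite.exe (the latter fits the "Mobile Partner" USB-modem software in the installed-programs list), but two have the shape autorun worms leave behind: H:\xjb3.exe, which also overrides the open verb so the file runs when the drive is double-clicked, and F:\copy.exe started indirectly through rundll32 Shell32.DLL,ShellExec_RunDLL. The Python below parses such lines, unwraps the rundll32 indirection and flags those patterns. The sample lines are copied from the script above; the allowlist of launcher names is an assumption made for this example and does not prove those media were clean. Deleting the keys wholesale, as the fix does, is safe because Explorer recreates them the next time a medium is inserted.

```python
import re
import ntpath
from collections import defaultdict

# Sample input: O33 lines copied from the OTL fix script above.
OTL_O33_LINES = r"""
O33 - MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\Shell\AutoRun\command - "" = H:\xjb3.exe
O33 - MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\Shell\open\Command - "" = H:\xjb3.exe
O33 - MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\Shell - "" = AutoRun
O33 - MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e1c9b3f9-01cb-11e0-85bb-00197ec9d6b0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
"""

# Assumption made for this example: launcher names treated as ordinary vendor media
# (AutoRun.exe on driver CDs, setup_vmc_lite.exe on the Mobile Partner modem's virtual CD).
VENDOR_LAUNCHERS = {"autorun.exe", "setup_vmc_lite.exe"}

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell'
    r'(?:\\(?P<verb>\w+)\\[Cc]ommand)? - "" = (?P<val>.*)$')
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+shell32\.dll,ShellExec_RunDLL\s+(?P<target>.+)$', re.I)


def launched_file(command):
    """Return (executable, via_rundll32) for an autorun command string."""
    m = RUNDLL_RE.search(command)
    if m:
        return m["target"].strip(), True
    # drop trailing switches such as "/checkApplicationPresence"
    return command.split(" /", 1)[0].strip(), False


def parse_mountpoints(log):
    """Group O33 lines by volume: {volume: {verb: value}}; 'default' is Shell's own value."""
    volumes = defaultdict(dict)
    for line in log.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            volumes[m["vol"]][(m["verb"] or "default").lower()] = m["val"]
    return volumes


def analyze_mountpoints(log):
    """One finding per cached volume, with the reasons it looks like worm autorun data."""
    findings = []
    for vol, verbs in parse_mountpoints(log).items():
        reasons, target = [], None
        command = verbs.get("autorun") or verbs.get("open")
        if command:
            target, indirect = launched_file(command)
            if indirect:
                reasons.append("launch hidden behind rundll32 ShellExec_RunDLL")
            if ntpath.basename(target).lower() not in VENDOR_LAUNCHERS:
                reasons.append(f"unexpected launcher {target}")
        if "open" in verbs:
            reasons.append("'open' verb overridden: runs when the drive is double-clicked")
        findings.append({"volume": vol, "target": target,
                         "severity": "high" if reasons else "low", "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze_mountpoints(OTL_O33_LINES):
        print(f["severity"].upper(), f["volume"], f["target"], "; ".join(f["reasons"]))
```

The same parser works on a full OTL log, where the O33 section lists every volume the user ever inserted; the "File ... not found" lines in the fix log are expected, since the media themselves are not present when the keys are removed.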
28.07.2011, 15:01 | #10
I also have the BKA Trojan

OK, done.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031649af-5ec4-11e0-a91e-001b38221bbf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{031649af-5ec4-11e0-a91e-001b38221bbf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031649af-5ec4-11e0-a91e-001b38221bbf}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13238157-cec1-11df-81dc-001e101fef43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13238157-cec1-11df-81dc-001e101fef43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13238157-cec1-11df-81dc-001e101fef43}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13238162-cec1-11df-81dc-001e101f50a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13238162-cec1-11df-81dc-001e101f50a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13238162-cec1-11df-81dc-001e101f50a4}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c004684-bcb3-11df-907f-001e101fabdd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c004684-bcb3-11df-907f-001e101fabdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c004684-bcb3-11df-907f-001e101fabdd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ed2f39d-4b7e-11df-bc27-001e101f82a0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36831a4f-4a9b-11df-bc36-001e101fb4df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36831a4f-4a9b-11df-bc36-001e101fb4df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36831a4f-4a9b-11df-bc36-001e101fb4df}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f2c985b-49e1-11df-a9c4-001e101f3315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f2c985b-49e1-11df-a9c4-001e101f3315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f2c985b-49e1-11df-a9c4-001e101f3315}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{694aa061-664f-11df-8a4b-001e101f21c1}\ not found.
File H:\xjb3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{694aa061-664f-11df-8a4b-001e101f21c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{694aa061-664f-11df-8a4b-001e101f21c1}\ not found.
File H:\xjb3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{854ea5fb-487d-11df-a20e-001e101f63cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{854ea5fb-487d-11df-a20e-001e101f63cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{854ea5fb-487d-11df-a20e-001e101f63cf}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{854ea61c-487d-11df-a20e-001e101f82a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{854ea61c-487d-11df-a20e-001e101f82a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{854ea61c-487d-11df-a20e-001e101f82a0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dff6255-b364-11e0-8be1-001b38221bbf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dff6255-b364-11e0-8be1-001b38221bbf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dff6255-b364-11e0-8be1-001b38221bbf}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dff625b-b364-11e0-8be1-001e101f8924}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dff625b-b364-11e0-8be1-001e101f8924}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dff625b-b364-11e0-8be1-001e101f8924}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b365215d-e5ec-11df-864f-001e101f2b52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b365215d-e5ec-11df-864f-001e101f2b52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b365215d-e5ec-11df-864f-001e101f2b52}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7afef9-90a5-11df-864a-001b38221bbf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7afef9-90a5-11df-864a-001b38221bbf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7afef9-90a5-11df-864a-001b38221bbf}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7aff06-90a5-11df-864a-001e101f79c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7aff06-90a5-11df-864a-001e101f79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7aff06-90a5-11df-864a-001e101f79c9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45d8cf7-2ac6-11df-ae36-00197ec9d6b0}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45d8d47-2ac6-11df-ae36-001e101f50a4}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8dc9059-d46f-11df-bafd-00197ec9d6b0}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8dc906d-d46f-11df-bafd-001e101f21c1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8dc906d-d46f-11df-bafd-001e101f21c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8dc906d-d46f-11df-bafd-001e101f21c1}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc1759bc-916e-11df-bf68-001e101f1f81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc1759bc-916e-11df-bf68-001e101f1f81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc1759bc-916e-11df-bf68-001e101f1f81}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1c9b3f9-01cb-11e0-85bb-00197ec9d6b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1c9b3f9-01cb-11e0-85bb-00197ec9d6b0}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
ADS C:\Windows:9BE5E7E968552934 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07282011_155307
28.07.2011, 15:18 | #11
/// Winkelfunktion /// TB-Süch-Tiger™
I also have the BKA Trojan

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!

__________________
Please always post logfiles in CODE tags
28.07.2011, 15:36 | #12 |
| I have the BKA Trojan too OK, I did it as described. Here is the report:
2011/07/28 16:32:15.0635 3456 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/28 16:32:17.0218 3456 ================================================================================
2011/07/28 16:32:17.0218 3456 SystemInfo:
2011/07/28 16:32:17.0218 3456
2011/07/28 16:32:17.0218 3456 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/28 16:32:17.0218 3456 Product type: Workstation
2011/07/28 16:32:17.0219 3456 ComputerName: *********-PC
2011/07/28 16:32:17.0219 3456 UserName: **********
2011/07/28 16:32:17.0219 3456 Windows directory: C:\Windows
2011/07/28 16:32:17.0219 3456 System windows directory: C:\Windows
2011/07/28 16:32:17.0219 3456 Processor architecture: Intel x86
2011/07/28 16:32:17.0219 3456 Number of processors: 1
2011/07/28 16:32:17.0219 3456 Page size: 0x1000
2011/07/28 16:32:17.0219 3456 Boot type: Normal boot
2011/07/28 16:32:17.0219 3456 ================================================================================
2011/07/28 16:32:18.0468 3456 Initialize success
2011/07/28 16:32:40.0096 1820 ================================================================================
2011/07/28 16:32:40.0096 1820 Scan started
2011/07/28 16:32:40.0096 1820 Mode: Manual;
2011/07/28 16:32:40.0096 1820 ================================================================================
2011/07/28 16:32:41.0913 1820 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/28 16:32:42.0572 1820 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/28 16:32:42.0999 1820 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/28 16:32:43.0467 1820 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/28 16:32:43.0684 1820 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/28 16:32:44.0004 1820 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/28 16:32:44.0460 1820 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/07/28 16:32:44.0681 1820 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/28 16:32:44.0844 1820 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/07/28 16:32:45.0139 1820 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/07/28 16:32:45.0590 1820 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/07/28 16:32:46.0003 1820 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/28 16:32:46.0334 1820 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/07/28 16:32:46.0719 1820 ApfiltrService (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/28 16:32:47.0178 1820 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/28 16:32:47.0453 1820 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/28 16:32:47.0996 1820 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/28 16:32:48.0300 1820 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/28 16:32:48.0607 1820 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/28 16:32:48.0976 1820 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/28 16:32:49.0419 1820 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/28 16:32:49.0747 1820 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/28 16:32:50.0174 1820 BCM43XX (1c29299baf836f213ae5ee6eb9014a9a) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/28 16:32:50.0460 1820 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/28 16:32:50.0918 1820 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/28 16:32:51.0231 1820 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/28 16:32:51.0672 1820 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/28 16:32:51.0990 1820 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2011/07/28 16:32:52.0011 1820 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2011/07/28 16:32:52.0442 1820 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/28 16:32:52.0906 1820 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/28 16:32:53.0227 1820 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/28 16:32:53.0541 1820 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/28 16:32:53.0887 1820 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/28 16:32:54.0435 1820 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/28 16:32:54.0803 1820 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/28 16:32:55.0156 1820 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/28 16:32:55.0474 1820 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/28 16:32:55.0971 1820 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/28 16:32:56.0418 1820 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/07/28 16:32:56.0953 1820 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/28 16:32:57.0154 1820 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/07/28 16:32:57.0504 1820 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/28 16:32:57.0969 1820 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/28 16:32:58.0201 1820 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/28 16:32:58.0400 1820 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/28 16:32:59.0022 1820 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/28 16:32:59.0331 1820 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/28 16:32:59.0939 1820 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/28 16:33:00.0680 1820 DTVFW (2b76bb072234efcc4c495a05e384af49) C:\Windows\system32\DRIVERS\dtvfw.sys
2011/07/28 16:33:01.0148 1820 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/28 16:33:01.0618 1820 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/28 16:33:02.0022 1820 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/28 16:33:02.0539 1820 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/28 16:33:02.0757 1820 EMSCR (fc37a2212b56663bbabef748266a58c7) C:\Windows\system32\DRIVERS\EMS7SK.sys
2011/07/28 16:33:02.0815 1820 ESDCR (a498240d0e1f0b27702e3df77b0c6e56) C:\Windows\system32\DRIVERS\ESD7SK.sys
2011/07/28 16:33:03.0059 1820 ESMCR (ce6e1032802ee415955721a208a86718) C:\Windows\system32\DRIVERS\ESM7SK.sys
2011/07/28 16:33:03.0502 1820 ewusbnet (1fc8c55255d197aa3a423624786d090c) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/07/28 16:33:03.0719 1820 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/28 16:33:04.0117 1820 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/28 16:33:04.0484 1820 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/28 16:33:04.0849 1820 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/28 16:33:05.0138 1820 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/28 16:33:05.0368 1820 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/28 16:33:05.0469 1820 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/28 16:33:05.0725 1820 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/28 16:33:05.0983 1820 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/28 16:33:06.0281 1820 Hardlock (ed32d389f8b0e74e400932e020bcfbdf) C:\Windows\system32\drivers\hardlock.sys
2011/07/28 16:33:06.0739 1820 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/28 16:33:07.0056 1820 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/28 16:33:07.0485 1820 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/28 16:33:08.0201 1820 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/28 16:33:08.0623 1820 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/28 16:33:08.0955 1820 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/28 16:33:09.0225 1820 HPFXBULK (d63b7f6b2b992c0b566f44efde620b5d) C:\Windows\system32\drivers\hpfxbulk.sys
2011/07/28 16:33:09.0442 1820 HPFXFAX (2bdff04d7d9a3cf07d9417cd366756e1) C:\Windows\system32\drivers\hpfxfax.sys
2011/07/28 16:33:10.0102 1820 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/28 16:33:10.0332 1820 HSF_DPV (347385d69c15e3d045aa1cb46e4cb86d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/07/28 16:33:10.0535 1820 HSXHWAZL (919337d853703267da203e79a0ac1f2b) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/07/28 16:33:10.0810 1820 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/28 16:33:13.0264 1820 hwdatacard (0515065a3c7e8869dd01253e987c5bd1) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/07/28 16:33:13.0409 1820 hwusbdev (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys
2011/07/28 16:33:14.0228 1820 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/28 16:33:14.0351 1820 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/28 16:33:15.0329 1820 ialm (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/28 16:33:17.0306 1820 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/28 16:33:17.0623 1820 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/28 16:33:18.0729 1820 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/28 16:33:18.0939 1820 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/28 16:33:19.0061 1820 IntcAzAudAddService (389f5d4859f4300d52ead838f1a17131) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/28 16:33:19.0251 1820 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/28 16:33:19.0291 1820 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/28 16:33:19.0350 1820 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/28 16:33:20.0000 1820 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/28 16:33:20.0441 1820 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/28 16:33:20.0777 1820 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/28 16:33:21.0093 1820 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/07/28 16:33:21.0428 1820 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/28 16:33:21.0691 1820 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/28 16:33:21.0937 1820 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/28 16:33:22.0306 1820 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/28 16:33:22.0988 1820 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/07/28 16:33:23.0374 1820 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/28 16:33:23.0703 1820 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/28 16:33:23.0923 1820 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/28 16:33:24.0299 1820 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/28 16:33:24.0703 1820 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/28 16:33:25.0013 1820 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/28 16:33:25.0260 1820 lvpopflt (af280405c10f0d20f37670b7432e5c2f) C:\Windows\system32\DRIVERS\lvpopflt.sys
2011/07/28 16:33:25.0411 1820 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/07/28 16:33:25.0691 1820 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\Windows\system32\DRIVERS\lvrs.sys
2011/07/28 16:33:27.0749 1820 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/07/28 16:33:28.0515 1820 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/07/28 16:33:29.0012 1820 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/28 16:33:29.0249 1820 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/28 16:33:29.0394 1820 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/28 16:33:29.0623 1820 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/28 16:33:30.0302 1820 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/28 16:33:30.0650 1820 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/28 16:33:30.0959 1820 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/28 16:33:31.0114 1820 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/28 16:33:31.0269 1820 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/28 16:33:31.0652 1820 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/28 16:33:32.0002 1820 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/28 16:33:32.0245 1820 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/28 16:33:32.0433 1820 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/28 16:33:32.0552 1820 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/28 16:33:32.0820 1820 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/28 16:33:32.0920 1820 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/07/28 16:33:33.0189 1820 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/28 16:33:33.0430 1820 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/28 16:33:33.0696 1820 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/28 16:33:34.0070 1820 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/28 16:33:34.0554 1820 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/28 16:33:34.0835 1820 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/28 16:33:34.0961 1820 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/28 16:33:35.0641 1820 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/28 16:33:35.0796 1820 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/28 16:33:35.0918 1820 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/28 16:33:36.0285 1820 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/28 16:33:36.0696 1820 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/28 16:33:37.0005 1820 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/28 16:33:37.0191 1820 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/28 16:33:37.0307 1820 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/28 16:33:37.0777 1820 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/28 16:33:38.0142 1820 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/28 16:33:38.0527 1820 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/28 16:33:39.0035 1820 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/07/28 16:33:39.0964 1820 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/07/28 16:33:40.0360 1820 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/28 16:33:40.0768 1820 nmwcd (357ddb51e03cae598c096d95497373d0) C:\Windows\system32\drivers\ccdcmb.sys
2011/07/28 16:33:41.0034 1820 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\Windows\system32\drivers\ccdcmbo.sys
2011/07/28 16:33:41.0581 1820 nmwcdnsu (02120406f27f5895dfce4c640e6ee237) C:\Windows\system32\drivers\nmwcdnsu.sys
2011/07/28 16:33:41.0899 1820 nmwcdnsuc (9c5de8b7cf5680307bbdf512c9258ecc) C:\Windows\system32\drivers\nmwcdnsuc.sys
2011/07/28 16:33:42.0111 1820 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/28 16:33:42.0505 1820 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/28 16:33:43.0191 1820 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/28 16:33:43.0608 1820 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/07/28 16:33:44.0024 1820 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/28 16:33:44.0411 1820 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/28 16:33:44.0796 1820 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/28 16:33:45.0049 1820 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/07/28 16:33:45.0425 1820 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/07/28 16:33:45.0760 1820 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/07/28 16:33:46.0076 1820 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/28 16:33:46.0389 1820 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/28 16:33:46.0805 1820 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/28 16:33:47.0025 1820 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/28 16:33:47.0337 1820 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/07/28 16:33:47.0826 1820 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/28 16:33:48.0541 1820 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/28 16:33:48.0916 1820 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/28 16:33:48.0972 1820 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/28 16:33:49.0218 1820 PRODIGY (65937a34c9a5741e3030a86905400d91) C:\Windows\system32\Drivers\PRODIGY.SYS
2011/07/28 16:33:49.0537 1820 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/28 16:33:50.0029 1820 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/28 16:33:50.0260 1820 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/28 16:33:50.0472 1820 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/28 16:33:50.0589 1820 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/28 16:33:50.0858 1820 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/28 16:33:51.0070 1820 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/28 16:33:51.0214 1820 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/28 16:33:51.0589 1820 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/28 16:33:51.0896 1820 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/28 16:33:52.0211 1820 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/07/28 16:33:52.0529 1820 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/28 16:33:52.0868 1820 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/28 16:33:53.0145 1820 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/28 16:33:53.0213 1820 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/28 16:33:53.0561 1820 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/28 16:33:53.0795 1820 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/28 16:33:54.0300 1820 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/28 16:33:54.0539 1820 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/28 16:33:54.0789 1820 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/28 16:33:55.0182 1820 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/07/28 16:33:55.0584 1820 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/28 16:33:55.0843 1820 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/28 16:33:55.0889 1820 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/28 16:33:56.0089 1820 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/07/28 16:33:56.0387 1820 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/28 16:33:56.0597 1820 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/28 16:33:56.0757 1820 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/28 16:33:57.0104 1820 SNP2UVC (53d1e2ecbf26b313ffdd2b8ba3d2f66e) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/07/28 16:33:57.0359 1820 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/28 16:33:57.0775 1820 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/28 16:33:58.0141 1820 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/28 16:33:58.0369 1820 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/28 16:33:58.0437 1820 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/28 16:33:58.0638 1820 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/28 16:33:58.0709 1820 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/28 16:33:58.0897 1820 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/28 16:33:58.0952 1820 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/28 16:33:59.0284 1820 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/28 16:33:59.0802 1820 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/28 16:34:00.0194 1820 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/28 16:34:00.0594 1820 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/28 16:34:00.0983 1820 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/28 16:34:01.0320 1820 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/28 16:34:01.0670 1820 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/28 16:34:02.0034 1820 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/28 16:34:02.0483 1820 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/28 16:34:02.0872 1820 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/28 16:34:03.0180 1820 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/28 16:34:03.0348 1820 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/28 16:34:03.0451 1820 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/28 16:34:03.0570 1820 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/28 16:34:03.0621 1820 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/28 16:34:03.0708 1820 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/28 16:34:03.0845 1820 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/28 16:34:03.0949 1820 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2011/07/28 16:34:04.0107 1820 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/28 16:34:04.0212 1820 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/28 16:34:04.0351 1820 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/28 16:34:04.0445 1820 usbdtv (b74f53feda52ccab5394f5ee9903eba5) C:\Windows\system32\Drivers\usbdtv.sys
2011/07/28 16:34:04.0577 1820 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/28 16:34:04.0664 1820 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/28 16:34:04.0768 1820 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/28 16:34:04.0928 1820 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/28 16:34:05.0045 1820 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/28 16:34:05.0183 1820 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
2011/07/28 16:34:05.0258 1820 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2011/07/28 16:34:05.0385 1820 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/28 16:34:05.0463 1820 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/28 16:34:05.0522 1820 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/28 16:34:05.0704 1820 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/28 16:34:05.0768 1820 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/28 16:34:05.0925 1820 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/07/28 16:34:05.0968 1820 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/28 16:34:06.0006 1820 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/07/28 16:34:06.0166 1820 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/28 16:34:06.0222 1820 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/28 16:34:06.0360 1820 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/28 16:34:06.0443 1820 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/28 16:34:06.0633 1820 w800bus (b8c182df79ac8938311ac8e193d52762) C:\Windows\system32\DRIVERS\w800bus.sys
2011/07/28 16:34:06.0781 1820 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/28 16:34:06.0934 1820 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/28 16:34:06.0951 1820 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/28 16:34:07.0046 1820 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/28 16:34:07.0186 1820 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/28 16:34:07.0344 1820 winachsf (3344b5c3209e538291398ff12f895155) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/28 16:34:07.0523 1820 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/28 16:34:07.0667 1820 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/28 16:34:07.0775 1820 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/28 16:34:07.0932 1820 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/28 16:34:08.0041 1820 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys
2011/07/28 16:34:08.0448 1820 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
2011/07/28 16:34:08.0571 1820 Boot (0x1200) (2854e8da9015565f54ca635123957dae) \Device\Harddisk0\DR0\Partition0
2011/07/28 16:34:08.0604 1820 Boot (0x1200) (31261da0ccb078e0412b3fd6298f5e9e) \Device\Harddisk0\DR0\Partition1
2011/07/28 16:34:08.0617 1820 ================================================================================
2011/07/28 16:34:08.0617 1820 Scan finished
2011/07/28 16:34:08.0617 1820 ================================================================================
2011/07/28 16:34:08.0626 1608 Detected object count: 0
2011/07/28 16:34:08.0626 1608 Actual detected object count: 0 |
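The TDSSKiller report above is a flat list of loaded kernel drivers, each with its service name, MD5 and image path, followed by MBR and boot-sector hashes and a detection count. As an added example (not part of the original post and not TDSSKiller's own code), the following Python script parses that format and performs the first triage checks a helper would otherwise do by eye: list drivers whose image lives outside %SystemRoot%, list image files that several service names share, and check whether any image file name shows up under more than one directory. The sample input is a handful of lines copied from the log posted above; the `C:\Windows\` prefix used as the system root is an assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Layout of a TDSSKiller 2.5.x driver line:
#   "<date> <time> <thread-id> <service> (<md5>) <image path>"
DRIVER_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} [\d:.]+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$"
)
# MBR / boot-sector lines carry a size field before the hash and a \Device path.
BOOT_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} [\d:.]+ \d+ (?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<device>\\Device\\\S+)$"
)
COUNT_RE = re.compile(r"Actual detected object count: (?P<n>\d+)$")

# Assumption: images below this prefix are treated as OS-managed; everything else is third-party.
SYSTEM_ROOT = "c:\\windows\\"

# Lines copied from the TDSSKiller log in the post above (a subset, used as sample input).
SAMPLE_LOG = r"""
2011/07/28 16:32:40.0096 1820 Scan started
2011/07/28 16:32:41.0913 1820 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/28 16:32:48.0607 1820 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/28 16:32:51.0990 1820 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2011/07/28 16:32:52.0011 1820 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2011/07/28 16:32:57.0154 1820 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/07/28 16:33:59.0284 1820 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/28 16:33:59.0802 1820 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/28 16:34:08.0448 1820 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
2011/07/28 16:34:08.0571 1820 Boot (0x1200) (2854e8da9015565f54ca635123957dae) \Device\Harddisk0\DR0\Partition0
2011/07/28 16:34:08.0617 1820 Scan finished
2011/07/28 16:34:08.0626 1608 Detected object count: 0
2011/07/28 16:34:08.0626 1608 Actual detected object count: 0
"""


@dataclass(frozen=True)
class Driver:
    name: str
    md5: str
    path: str


@dataclass(frozen=True)
class BootRecord:
    kind: str     # "MBR" or "Boot"
    size: int     # bytes hashed, decoded from the hex field
    md5: str
    device: str


def parse_tdsskiller_log(text):
    """Return (drivers, boot_records, detected_count) from TDSSKiller log text."""
    drivers, boot, count = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = BOOT_RE.match(line)
        if m:
            boot.append(BootRecord(m["kind"], int(m["size"], 16), m["md5"], m["device"]))
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m["name"], m["md5"], m["path"]))
            continue
        m = COUNT_RE.search(line)
        if m:
            count = int(m["n"])
    return drivers, boot, count


def drivers_outside_system_root(drivers, root=SYSTEM_ROOT):
    """Kernel drivers whose image lives outside %SystemRoot%: third-party, to be reviewed rather than condemned."""
    return [d for d in drivers if not d.path.lower().startswith(root)]


def services_sharing_an_image(drivers):
    """Map image path -> service names when several services load the same file (usually benign, e.g. Tcpip/Tcpip6)."""
    by_path = defaultdict(list)
    for d in drivers:
        by_path[d.path.lower()].append(d.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


def same_basename_different_dirs(drivers):
    """Image file names present under more than one directory; a look-alike dropped beside a real driver shows up here."""
    dirs = defaultdict(set)
    for d in drivers:
        directory, _, base = d.path.lower().rpartition("\\")
        dirs[base].add(directory)
    return {b: sorted(ds) for b, ds in dirs.items() if len(ds) > 1}


if __name__ == "__main__":
    drv, boot, n = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(drv)} drivers, {len(boot)} boot records, detected objects: {n}")
    for d in drivers_outside_system_root(drv):
        print("outside system root:", d.name, d.path)
    for p, names in services_sharing_an_image(drv).items():
        print("shared image:", p, names)
    for b in boot:
        print(b.kind, hex(b.size), b.md5, b.device)
```

Run it on the full log and the two third-party drivers reported here (avgio from Avira, cpudrv from SystemRequirementsLab) are the only ones loaded from outside C:\Windows\; the shared-image list is the usual pairs (Bridge/BridgeMP, Tcpip/Tcpip6, Wanarp/Wanarpv6, ialm/igfx), and the MBR and boot-sector hashes can be kept to compare against a scan taken after the cleanup.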
28.07.2011, 15:40 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have the BKA Trojan too Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a competent helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
28.07.2011, 16:12 | #14 |
| I have the BKA Trojan too I have now run ComboFix. I hope I've done everything right so far? ComboFix logfile: Code:
ComboFix 11-07-28.02 - *********** 28.07.2011 16:45:46.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1525.910 [GMT 2:00]
Run from:: c:\users\***********\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\Temp
.
.
((((((((((((((((((((((( Files created from 2011-06-28 to 2011-07-28 ))))))))))))))))))))))))))))))
.
.
2011-07-28 14:55 . 2011-07-28 14:56 -------- d-----w- c:\users\********\AppData\Local\temp
2011-07-28 14:43 . 2011-07-28 14:43 -------- d-----w- C:\32788R22FWJFW
2011-07-28 13:53 . 2011-07-28 13:53 -------- d-----w- C:\_OTL
2011-07-28 07:36 . 2011-07-28 07:36 -------- d-----w- c:\users\*********\AppData\Roaming\Malwarebytes
2011-07-28 07:36 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 07:36 . 2011-07-28 07:36 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 07:36 . 2011-07-28 07:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 07:36 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 15:30 . 2011-07-27 15:30 -------- d-----w- c:\program files\ESET
2011-07-27 08:15 . 2011-07-27 08:15 -------- d-----w- c:\program files\Windows Portable Devices
2011-07-27 08:06 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-07-27 08:06 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-07-27 08:06 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-07-27 08:05 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-07-27 08:05 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-07-27 08:05 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-07-27 08:05 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-07-27 08:05 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-07-27 08:05 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-07-27 08:05 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-07-27 08:03 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2011-07-27 08:03 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2011-07-27 08:03 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2011-07-27 07:58 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-07-27 07:58 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-07-27 07:58 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-07-27 07:39 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-07-27 07:39 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-07-27 07:39 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-07-27 07:39 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-07-27 07:39 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-07-27 07:39 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-07-27 07:39 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-07-27 07:39 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-07-27 07:39 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-07-27 07:39 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-07-27 07:39 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-07-27 07:39 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-07-27 07:36 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-07-26 19:37 . 2011-07-26 19:38 -------- d-----w- c:\windows\system32\ca-ES
2011-07-26 19:37 . 2011-07-26 19:38 -------- d-----w- c:\windows\system32\eu-ES
2011-07-26 19:36 . 2011-07-26 19:38 -------- d-----w- c:\windows\system32\vi-VN
2011-07-26 08:13 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90D38BB2-A4B0-47FA-938C-970A11A99865}\mpengine.dll
2011-07-25 23:00 . 2009-04-11 06:28 1589248 ----a-w- c:\windows\system32\msjet40.dll
2011-07-25 22:59 . 2009-04-11 06:32 161752 ----a-w- c:\windows\system32\drivers\msrpc.sys
2011-07-25 22:58 . 2009-04-11 06:28 140288 ----a-w- c:\windows\system32\wpcsvc.dll
2011-07-25 22:57 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2011-07-25 22:57 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-07-25 22:57 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-07-25 22:57 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-07-25 22:54 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-07-25 22:54 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-07-21 11:38 . 2009-10-20 16:47 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-07-21 11:38 . 2009-10-12 13:22 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-07-21 11:38 . 2009-09-10 12:55 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-07-21 11:38 . 2007-08-09 02:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-07-16 08:30 . 2011-05-02 12:00 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-07-16 08:29 .
2011-05-02 17:19 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2011-07-16 08:29 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-07-16 08:29 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-07-16 08:29 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-16 08:27 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll 2011-07-16 08:27 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-07-16 08:25 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-07-16 08:24 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-07-09 16:49 . 2011-07-09 16:49 -------- d-----w- c:\programdata\UAB 2011-07-09 16:49 . 2011-07-09 16:49 -------- d-----w- c:\users\**********\AppData\Local\PC_Drivers_Headquarters 2011-07-09 16:49 . 2011-07-09 16:49 -------- d-----w- c:\programdata\Easy Driver Pro 2011-07-09 16:48 . 2011-07-09 16:48 -------- d-----w- c:\program files\Easy Driver Pro 2011-07-09 16:34 . 2008-01-18 22:34 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL 2011-07-09 00:08 . 2011-07-09 00:08 -------- d-----w- c:\users\***********\AppData\Roaming\HP 2011-07-08 23:56 . 2011-07-08 23:56 -------- d-----w- c:\programdata\zvprt50 2011-07-08 23:56 . 2011-07-08 23:56 608 --sha-w- c:\windows\system32\winzvprt5.sys 2011-07-08 23:56 . 2007-04-02 06:19 9451 ------w- c:\windows\system32\hppfaxprintermonui5.dll 2011-07-08 23:56 . 2007-04-02 06:19 13385 ------w- c:\windows\system32\hppfaxprintermon5.dll 2011-07-08 23:54 . 2007-05-17 19:31 241664 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp072.DLL 2011-07-08 23:52 . 2007-08-10 07:11 188416 ----a-w- c:\windows\system32\hppafx07.dll 2011-07-08 23:52 . 2007-08-10 07:11 14336 ----a-w- c:\windows\system32\drivers\hpfxfax.sys 2011-07-08 23:52 . 2007-08-10 07:11 876544 ----a-w- c:\windows\system32\hpxp2727.dll 2011-07-08 23:52 . 
2007-08-10 07:11 767488 ----a-w- c:\windows\system32\hpptsp02.dll 2011-07-08 23:52 . 2007-08-10 07:11 450560 ----a-w- c:\windows\system32\hppasc07.dll 2011-07-08 23:52 . 2007-08-10 07:11 327680 ----a-w- c:\windows\system32\hppcpr07.dll 2011-07-08 23:52 . 2007-08-10 07:11 11264 ----a-w- c:\windows\system32\drivers\hpfxbulk.sys 2011-07-08 23:52 . 2007-08-10 07:11 188416 ----a-w- c:\windows\system32\hppcew07.dll 2011-07-08 23:52 . 2007-08-10 07:11 19456 ----a-w- c:\windows\system32\drivers\hpfxgen.sys 2011-07-08 13:18 . 2011-07-08 13:18 -------- d-----w- c:\program files\Common Files\HP 2011-07-08 13:18 . 2011-07-08 13:18 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2011-07-08 13:18 . 2011-07-08 13:18 -------- d-----w- c:\program files\Hewlett-Packard 2011-07-08 13:10 . 2011-07-09 00:08 -------- d-----w- c:\programdata\Hewlett-Packard 2011-07-08 13:10 . 2008-03-03 17:18 241664 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mg.DLL 2011-07-08 12:56 . 2007-07-17 03:29 59928 ----a-w- c:\windows\system32\fxcompchannel.dll 2011-07-08 12:56 . 2011-07-08 23:56 -------- d-----w- c:\program files\HP 2011-07-08 12:53 . 2011-07-08 13:18 -------- d-----w- c:\programdata\HP 2011-07-08 12:53 . 2007-07-16 21:29 59928 ----a-w- c:\windows\system32\fxfaxchannel.dll 2011-06-30 18:26 . 2011-06-30 18:27 -------- d-----w- c:\users\**********\Aushang Laden . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-24 17:14 . 2009-10-03 10:08 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-20 05:30 . 2011-05-20 05:30 1138440 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2010-12-14 15:44 216456 ----a-w- c:\program files\PDF24\pdf24.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "ehTray.exe"=c:\windows\ehome\ehTray.exe "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" -bootmode . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Persistence"=c:\windows\system32\igfxpers.exe "IgfxTray"=c:\windows\system32\igfxtray.exe "HotKeysCmds"=c:\windows\system32\hkcmd.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "LWS"=c:\program files\Logitech\LWS\Webcam Software\LWS.exe -hide "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3047791-560114429-293112349-1000] "EnableNotificationsRef"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688] R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336] R3 DTVFW;LITE-ON DVB-T USB adapter firmware;c:\windows\system32\DRIVERS\dtvfw.sys [2005-12-07 22016] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-20 112640] R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2007-08-10 14336] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-06 136704] R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320] R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377] R3 usbdtv;LITE-ON DVB-T (PID=F001) receiver;c:\windows\system32\Drivers\usbdtv.sys [2005-12-07 31232] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 
6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712] S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 39589983 *NewlyCreated* - MBAMSWISSARMY *Deregistered* - 39589983 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2011-07-28 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 12:00] . . ------- Zusätzlicher Suchlauf ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Kammerzofe\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\**********\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\w7zgb186.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1e6d885e000000000000000000000000&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: 
Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 600000 FF - user.js: nglayout.initialpaint.delay - 600 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-28 16:56 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-07-28 17:01:19 ComboFix-quarantined-files.txt 2011-07-28 15:01 . Vor Suchlauf: 7.074.684.928 Bytes frei Nach Suchlauf: 7.493.857.280 Bytes frei . - - End Of File - - 8C7DB7F981C696A25AB024667C95530B |
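The ComboFix log above carries several findings that matter more than the file list: AntiVir is reported *Disabled*, `EnableLUA` is 0 (UAC off), Security Center monitoring is suppressed via `DisableMonitoring`, `BootExecute` holds an entry besides the default `autocheck autochk *`, and Firefox's `keyword.URL` points at search.babylon.com. The script below is an added example (not code from this thread or from ComboFix) that pulls exactly those indicators out of a ComboFix-style excerpt. The excerpt it runs on is constructed: it copies the value and key names ComboFix prints, and adds one constructed `Run` entry for an executable under `AppData\Roaming`, which is where the earlier ESET scan in this thread found `jashla.exe`; the real log shows no such Run entry, since the poster's acquaintance had already removed autostart entries by hand.

```python
"""Triage a ComboFix-style log excerpt for settings an infection (or a
hand "cleanup") commonly leaves behind.  Added example, not part of the
forum thread.  SAMPLE_LOG is constructed for this demo."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]   # (category, detail)

# Constructed excerpt: key/value names mirror what ComboFix prints; the
# "jashla" Run entry is invented for the demo (assumption, not in the log).
SAMPLE_LOG = r"""
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"jashla"="c:\users\user\AppData\Roaming\jashla.exe" [2011-07-25 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q=
"""

# Run / RunOnce keys; ComboFix lists msconfig-disabled entries under "run-",
# which this pattern deliberately does not match.
RUN_KEY = re.compile(r"^\[hkey_[^\]]*\\currentversion\\run(?:once)?\]$", re.I)
# "name"="path" [date size]   or   "name"=path
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[^"\[]*?)"?\s*(?:\[[^\]]*\])?\s*$')
# Executables launched from user-writable profile locations deserve a look.
USER_WRITABLE = re.compile(r"\\appdata\\(?:roaming|local\\temp)\\", re.I)
KEYWORD_URL = re.compile(r"^FF - prefs\.js: keyword\.URL - hxxps?://([^/]+)", re.I)
# Assumption for the demo: these are the only search hosts we expect here.
EXPECTED_SEARCH_HOSTS = ("www.google.com", "www.google.de")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


def triage(log: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: List[Finding] = []
    key, in_run = "", False
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            in_run = RUN_KEY.match(line) is not None
            continue
        # 1. Security products reported disabled in the header
        if line.startswith(("AV:", "SP:")) and "*Disabled" in line:
            findings.append(("security-product-disabled", line.split("*")[0].strip()))
        # 2. Autostart entries pointing into AppData\Roaming or AppData\Local\Temp
        elif in_run:
            m = RUN_VALUE.match(line)
            if m and USER_WRITABLE.search(m["path"]):
                findings.append(("run-entry-in-user-writable-dir", f"{m['name']} -> {m['path']}"))
        # 3. UAC switched off
        elif "policies\\system" in key and re.match(r'^"EnableLUA"\s*=\s*0\b', line):
            findings.append(("uac-disabled", line))
        # 4. Security Center told to stop monitoring AV/firewall state
        elif "security center" in key and re.match(r'^"DisableMonitoring"=dword:0*1$', line, re.I):
            findings.append(("security-center-monitoring-disabled", key))
        # 5. BootExecute: ComboFix joins REG_MULTI_SZ entries with a literal "\0"
        elif line.startswith("BootExecute "):
            payload = line.split("REG_MULTI_SZ", 1)[-1].strip()
            for entry in payload.split("\\0"):
                entry = entry.strip()
                if entry and entry.lower() != DEFAULT_BOOTEXECUTE:
                    findings.append(("bootexecute-nondefault", entry))
        # 6. Firefox keyword.URL redirected to an unexpected search host
        else:
            m = KEYWORD_URL.match(line)
            if m and m.group(1).lower() not in EXPECTED_SEARCH_HOSTS:
                findings.append(("browser-search-override", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:40s} {detail}")
```

A non-default `BootExecute` entry is reported for review rather than as malicious: `autocheck autochk /p \??\F:` is what a scheduled chkdsk of drive F: looks like, so the right response is to check whether someone scheduled it, not to delete it. The same applies to the `run-entry-in-user-writable-dir` category: legitimate per-user installers (updaters, chat clients) also live under `AppData`, so the path is a prompt to hash and look up the file, not a verdict.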
28.07.2011, 18:12 | #15 |
| Also got the BKA Trojan
I've now scanned my system again with Malwarebytes, and I think everything is fine again, as far as I can tell. At least I hope so. Thank you already for your super competent, fast and uncomplicated help. Now the Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 7310
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.07.2011 19:05:34
mbam-log-2011-07-28 (19-05-34).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 282775
Time elapsed: 1 hour(s), 11 minute(s), 8 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected: (No malicious items detected)
Memory modules infected: (No malicious items detected)
Registry keys infected: (No malicious items detected)
Registry values infected: (No malicious items detected)
Registry data items infected: (No malicious items detected)
Folders infected: (No malicious items detected)
Files infected: (No malicious items detected)
|