"Bundespolizei..." on the notebook and the notebook is locked (Windows 7)
03.08.2011, 10:46 | #1
Hello! After logging in, the notebook shows a colourful page saying "Bundespolizei has determined ... blah blah ... pay 100 euros to unlock ...". I landed in this forum with the help of Auntie Google and read through all the relevant threads. Beforehand I tested the notebook's hard drive on another computer and ran various AV programs over it; only Eset found this jshle.exe and deleted it, but as soon as the notebook was started the screen was back, and so was the file. So, as described, I created the OTL CD, started it, and this is what the result looks like (only the one file was created, no "Extras" file):
Code:
OTL logfile created on: 8/3/2011 1:26:29 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

894.00 Mb Total Physical Memory | 687.00 Mb Available Physical Memory | 77.00% Memory free
806.00 Mb Paging File | 718.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90.25 Gb Total Space | 52.01 Gb Free Space | 57.63% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 45.12 Gb Total Space | 45.04 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - [2009/01/12 16:59:58 | 000,164,097 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe -- (AntiVirMailService)
SRV - [2008/10/15 08:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 08:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe -- (AntiVirService)
SRV - [2008/06/12 08:59:46 | 000,258,305 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE -- (antivirwebservice)
SRV - [2008/05/16 04:19:16 | 000,344,321 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2008/05/09 07:22:40 | 000,041,217 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe -- (AVEService)
SRV - [2007/09/26 05:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/26 05:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007/06/28 20:25:03 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 13:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/08 04:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006/11/17 14:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- -- (mailKmd)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2009/06/04 15:19:57 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/06/04 15:18:03 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys -- (avgntflt)
DRV - [2009/06/04 15:17:58 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys -- (avgio)
DRV - [2008/05/07 08:20:00 | 000,071,592 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2008/05/07 04:51:05 | 000,071,464 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/21 08:33:54 | 000,080,232 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System] -- C:\Windows\System32\drivers\sleen15.sys -- (SLEE_15_DRIVER)
DRV - [2007/02/01 05:55:10 | 000,690,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/01/08 07:16:50 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/07/14 08:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2003/04/28 05:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\tillmanns_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\tillmanns_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\tillmanns_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\tillmanns_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\tillmanns_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CtrlVol] File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SAFEHOME HotKeys] C:\Program Files\Steganos Safe Home\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\tillmanns_ON_C..\Run: [] File not found
O4 - HKU\tillmanns_ON_C..\Run: [avupdate] C:\Users\tillmanns\AppData\Roaming\jashla.exe (Legion)
O4 - HKU\tillmanns_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\tillmanns_ON_C..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKU\tillmanns_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\tillmanns_ON_C..\Run: [WeatherBugAlert] C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - HKU\tillmanns_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O7 - HKU\tillmanns_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 17:57:08 | 000,192,000 | ---- | C] (Legion) -- C:\Users\tillmanns\AppData\Roaming\jashla.exe
[2010/02/03 18:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[2 C:\Users\tillmanns\AppData\Local\*.tmp files -> C:\Users\tillmanns\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 04:44:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/03 04:41:04 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/08/03 04:41:04 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/03 04:41:04 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/08/03 04:41:04 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/03 04:40:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3AA20BDA-7881-4C8E-B1B6-4835E47BC8C9}.job
[2011/08/03 04:36:16 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 04:36:16 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 04:36:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/03 04:35:41 | 937,672,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 02:34:17 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2011/08/02 01:34:02 | 000,000,000 | ---- | M] () -- C:\Users\tillmanns\AppData\Local\{0C69701B-E732-4175-9003-8EE4BE8C3C58}
[2011/08/02 00:49:51 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/08/02 00:09:44 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 17:57:08 | 000,192,000 | ---- | M] (Legion) -- C:\Users\tillmanns\AppData\Roaming\jashla.exe
[2011/07/23 03:48:54 | 000,015,872 | ---- | M] () -- C:\Users\tillmanns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Users\tillmanns\AppData\Local\*.tmp files -> C:\Users\tillmanns\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 04:35:41 | 937,672,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/02 01:34:02 | 000,000,000 | ---- | C] () -- C:\Users\tillmanns\AppData\Local\{0C69701B-E732-4175-9003-8EE4BE8C3C58}
[2011/08/02 00:49:41 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/04/27 05:21:38 | 003,268,096 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011/04/26 18:08:34 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/19 05:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/19 05:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/14 23:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/03/30 08:28:46 | 000,000,680 | ---- | C] () -- C:\Users\tillmanns\AppData\Local\d3d9caps.dat
[2007/11/07 11:34:33 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/11/07 11:27:22 | 000,021,762 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/02 12:19:17 | 000,015,872 | ---- | C] () -- C:\Users\tillmanns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/02 11:12:23 | 000,000,122 | ---- | C] () -- C:\Users\tillmanns\AppData\Roaming\wklnhst.dat
[2007/10/02 10:12:16 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/10/02 10:12:16 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/06/29 06:05:51 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007/06/28 20:50:21 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007/06/28 20:43:32 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/06/28 20:43:32 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 11:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,368,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/08/11 03:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/09/09 02:12:08 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\EurekaLog
[2007/10/02 10:00:56 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\InterVideo
[2007/10/02 11:32:29 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Template
[2011/05/27 10:07:28 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\VistaCodecs
[2007/10/02 09:27:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2007/10/02 09:27:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2007/10/02 09:27:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2007/10/02 09:35:41 | 000,000,000 | ---D | M] -- C:\ProgramData\fsc-reg
[2007/10/02 10:17:39 | 000,000,000 | ---D | M] -- C:\ProgramData\SBT
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2007/10/02 09:27:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/05/27 10:07:27 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
[2007/10/02 09:27:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/08/02 02:34:17 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2008/08/21 09:37:21 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2011/08/03 04:43:55 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/03 04:40:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3AA20BDA-7881-4C8E-B1B6-4835E47BC8C9}.job

========== Purity Check ==========

< End of report >

Regards, Pirxis
03.08.2011, 12:29 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\tillmanns_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKU\tillmanns_ON_C..\Run: [] File not found
O4 - HKU\tillmanns_ON_C..\Run: [avupdate] C:\Users\tillmanns\AppData\Roaming\jashla.exe (Legion)
[2011/08/01 17:57:08 | 000,192,000 | ---- | C] (Legion) -- C:\Users\tillmanns\AppData\Roaming\jashla.exe
[2011/08/02 02:34:17 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2011/08/02 01:34:02 | 000,000,000 | ---- | M] () -- C:\Users\tillmanns\AppData\Local\{0C69701B-E732-4175-9003-8EE4BE8C3C58}
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". After that Windows should start normally again. Please make the OTL quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) If it was successful, let us know
5.) Only then turn the virus scanner back on
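The triage the helper did by hand between the log in #1 and the fix in #2, as an added example (not code from the thread or from OTL): parse the O4 autorun entries of an OTL log, flag the ones worth a second look, and draft a fix in the ":OTL" / ":Commands" form used above. The sample log lines are constructed from the format of the posted log, and the flagging heuristics are this example's assumptions, not OTL's own rules.

```python
"""Triage O4 autorun entries from an OTL log and draft an OTL fix script.

Added example, not OTL's own code. The sample log is constructed from the
format of the OTL log posted in this thread; the heuristics are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the format of the posted OTL log: a few O4 entries
# plus one "Files/Folders - Created Within 30 Days" entry.
SAMPLE_OTL_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CtrlVol] File not found
O4 - HKU\tillmanns_ON_C..\Run: [] File not found
O4 - HKU\tillmanns_ON_C..\Run: [avupdate] C:\Users\tillmanns\AppData\Roaming\jashla.exe (Legion)
O4 - HKU\tillmanns_ON_C..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
[2011/08/01 17:57:08 | 000,192,000 | ---- | C] (Legion) -- C:\Users\tillmanns\AppData\Roaming\jashla.exe
"""

# "O4 - <hive>..\Run: [<value name>] <target>"; the name may be empty ("[]").
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# "<path> (<company>)"; backtracks correctly past "(x86)" inside the path.
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
# "[<timestamp> | <size> | <attrs> | C] (<company>) -- <path>" (created files only).
CREATED_RE = re.compile(r"^\[(?P<ts>[^|]+?) \|[^\]]*\| C\] \((?P<company>[^()]*)\) -- (?P<path>.+)$")

# Assumption: legitimate autostart entries rarely live in per-user data dirs.
SUSPICIOUS_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\")


@dataclass
class Finding:
    line: str                      # the OTL line verbatim, reusable in a fix
    name: str                      # Run value name
    path: Optional[str]            # None for "File not found" entries
    reasons: List[str] = field(default_factory=list)


def _recently_created(log_text: str) -> Dict[str, str]:
    """Map lower-cased path -> creation timestamp for 'C]' entries in the log."""
    created = {}
    for raw in log_text.splitlines():
        m = CREATED_RE.match(raw.strip())
        if m:
            created[m["path"].lower()] = m["ts"]
    return created


def triage_autoruns(log_text: str) -> List[Finding]:
    """Return the O4 entries a reviewer would look at first, with reasons."""
    created = _recently_created(log_text)
    findings = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        f = Finding(line=raw.strip(), name=m["name"], path=None)
        if m["rest"] == "File not found":
            f.reasons.append("orphaned Run value (target missing)")
        else:
            t = TARGET_RE.match(m["rest"])
            if not t:
                continue
            f.path = t["path"]
            lower = t["path"].lower()
            if any(d in lower for d in SUSPICIOUS_DIRS):
                f.reasons.append("executable started from a user data directory")
            if lower in created:
                f.reasons.append(f"file created {created[lower]} (within the log's window)")
            if not t["company"].strip():
                f.reasons.append("no company name in version info")
        if not f.name:
            f.reasons.append("empty Run value name")
        if f.reasons:
            findings.append(f)
    return findings


def build_otl_fix(findings: List[Finding], log_text: str) -> str:
    """Draft a fix like the one in #2: flagged lines under :OTL, then :Commands.

    OTL moves fixed items to C:\_OTL rather than deleting them; review the
    draft before running it, since the heuristics above are only a first pass.
    """
    flagged_paths = {f.path.lower() for f in findings if f.path}
    lines = [":OTL"] + [f.line for f in findings]
    # Also quarantine the file itself via its "created" entry, as the helper did.
    for raw in log_text.splitlines():
        m = CREATED_RE.match(raw.strip())
        if m and m["path"].lower() in flagged_paths:
            lines.append(raw.strip())
    lines += [":Commands", "[purity]", "[resethosts]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage_autoruns(SAMPLE_OTL_LOG)
    for f in found:
        print(f"[{f.name or '<empty>'}] {'; '.join(f.reasons)}")
    print(build_otl_fix(found, SAMPLE_OTL_LOG))
```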
03.08.2011, 13:12 | #3
Many, many thanks!
The notebook now starts normally and I can use Windows. I'll upload the _OTL folder right away, scan the drive for malware as described in other threads, and then report back. That was good work! Regards, Pirxis
03.08.2011, 13:36 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well! After that, an OTL custom scan:
Custom scan with OTL
If you do not have it yet, please download OTL from Oldtimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Please always post log files in CODE tags
03.08.2011, 15:14 | #5
Hello! So, Malwarebytes and OTL are done:
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7364

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

03.08.2011 17:14:07
mbam-log-2011-08-03 (17-14-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 245125
Laufzeit: 49 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\_OTL\movedfiles\08032011_155457\C_Users\***username***\AppData\Roaming\jashla.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

OTL Logfile:
Code:
OTL logfile created on: 03.08.2011 17:41:26 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\tillmanns\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

893,63 Mb Total Physical Memory | 260,54 Mb Available Physical Memory | 29,16% Memory free
2,00 Gb Paging File | 0,95 Gb Available in Paging File | 47,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,25 Gb Total Space | 63,69 Gb Free Space | 70,57% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 45,03 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
Drive F: | 3,72 Gb Total Space | 3,71 Gb Free Space | 99,69% Space Free | Partition Type: FAT32

Computer Name: TILLMANNS-PC | User Name: tillmanns | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.03 16:47:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\tillmanns\Desktop\OTL.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2010.02.22 15:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Programme\AWS\WeatherBug Alert\WeatherBugAlert.exe
PRC - [2009.01.12 22:59:58 | 000,164,097 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.15 14:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\Avira Premium Security Suite\sched.exe
PRC - [2008.10.15 14:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
PRC - [2008.06.12 14:59:46 | 000,258,305 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\Avira Premium Security Suite\avwebgrd.exe
PRC - [2008.06.12 14:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe
PRC - [2008.05.16 10:19:16 | 000,344,321 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
PRC - [2008.05.09 13:22:40 | 000,041,217 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.06.29 02:25:03 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.03.21 18:59:58 | 000,025,088 | ---- | M] () -- C:\Programme\Steganos Safe Home\SteganosHotKeyService.exe
PRC - [2007.03.06 09:01:36 | 000,497,152 | ---- | M] () -- C:\Users\tillmanns\BLS_Erinnerung.exe
PRC - [2007.02.26 19:16:36 | 000,910,896 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.02.26 19:15:24 | 000,149,040 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.12.29 12:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2006.12.14 16:53:28 | 000,192,512 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2006.11.09 14:37:52 | 000,086,016 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe
PRC - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2006.08.29 09:26:32 | 000,241,664 | ---- | M] () -- C:\Programme\Launch Manager\OSDCtrl.exe
PRC - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe

========== Modules (SafeList) ==========

MOD - [2011.08.03 16:47:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\tillmanns\Desktop\OTL.exe
MOD - [2010.03.05 16:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2009.03.03 06:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2007.11.15 09:08:53 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemcomn.dll
MOD - [2006.11.02 11:46:14 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2006.11.02 11:46:13 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2006.11.02 11:46:13 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2006.11.02 11:46:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2006.11.02 11:46:13 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2009.01.12 22:59:58 | 000,164,097 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe -- (AntiVirMailService)
SRV - [2008.10.15 14:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\Avira Premium Security Suite\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.15 14:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe -- (AntiVirService)
SRV - [2008.06.12 14:59:46 | 000,258,305 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE -- (antivirwebservice)
SRV - [2008.05.16 10:19:16 | 000,344,321 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2008.05.09 13:22:40 | 000,041,217 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe -- (AVEService)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.06.29 02:25:03 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

========== Driver Services (SafeList) ==========

DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.06.04 21:19:57 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.06.04 21:18:03 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\Avira Premium Security Suite\avgntflt.sys -- (avgntflt)
DRV - [2009.06.04 21:17:58 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\Avira Premium Security Suite\avgio.sys -- (avgio)
DRV - [2008.05.07 14:20:00 | 000,071,592 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2008.05.07 10:51:05 | 000,071,464 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.02.21 14:33:54 | 000,080,232 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen15.sys -- (SLEE_15_DRIVER)
DRV - [2007.02.01 11:55:10 | 000,690,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.01.08 13:16:50 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.07.14 14:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program
Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2011.08.03 21:55:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CtrlVol] File not found O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LMgrVolOSD] C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SAFEHOME HotKeys] C:\Program Files\Steganos Safe Home\SteganosHotKeyService.exe () O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKLM..\Run: [WinampAgent] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers) O4 - HKCU..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKCU..\Run: [WeatherBugAlert] C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.3 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 
- HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0d1d215f-6710-11de-8dbe-0016d38ef3ac}\Shell\Auto\command - "" = RavMon.exe O33 - MountPoints2\{0d1d215f-6710-11de-8dbe-0016d38ef3ac}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe O33 - MountPoints2\{238d686d-804d-11de-b31f-0016d38ef3ac}\Shell\Auto\command - "" = F:\RavMon.exe O33 - MountPoints2\{238d686d-804d-11de-b31f-0016d38ef3ac}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RavMon.exe O33 - MountPoints2\{238d6872-804d-11de-b31f-0016d38ef3ac}\Shell - "" = AutoRun O33 - MountPoints2\{238d6872-804d-11de-b31f-0016d38ef3ac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{eb1567bd-8e5d-11de-8415-0016d38ef3ac}\Shell\Auto\command - "" = F:\RavMon.exe O33 - MountPoints2\{eb1567bd-8e5d-11de-8415-0016d38ef3ac}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RavMon.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - 
Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group 
SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: 
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - 
Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: ccc-core-static - msiexec /fums {019749A1-F9BC-476C-2614-58D9ED0A6F40} /qb Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm () Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm () Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: vidc.x264 - C:\Windows\System32\x264vfw.dll () Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.03 21:54:57 | 000,000,000 | ---D | C] -- C:\_OTL [2011.08.03 16:47:01 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\tillmanns\Desktop\OTL.exe [2011.08.03 16:18:07 | 000,000,000 | ---D | C] -- C:\Users\tillmanns\AppData\Roaming\Malwarebytes [2011.08.03 16:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.03 16:17:53 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.03 16:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.03 16:17:47 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.08.03 16:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.02.04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll [2 C:\Users\tillmanns\AppData\Local\*.tmp files -> C:\Users\tillmanns\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.03 17:40:19 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3AA20BDA-7881-4C8E-B1B6-4835E47BC8C9}.job [2011.08.03 17:23:35 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.03 17:23:35 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.03 17:23:35 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.03 17:23:35 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.03 17:21:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.08.03 17:17:12 | 000,003,072 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.03 17:17:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.03 17:17:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.03 17:17:00 | 937,672,704 | -HS- | M] () -- C:\hiberfil.sys [2011.08.03 17:09:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.08.03 16:47:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\tillmanns\Desktop\OTL.exe [2011.08.03 16:17:54 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.02 06:49:51 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.07.23 09:48:54 | 000,015,872 | ---- | M] () -- C:\Users\tillmanns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2 C:\Users\tillmanns\AppData\Local\*.tmp files -> C:\Users\tillmanns\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.03 16:17:54 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.03 10:35:41 | 937,672,704 | -HS- | C] () -- C:\hiberfil.sys [2011.08.02 06:49:41 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.04.27 11:21:38 | 003,268,096 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2011.04.27 00:08:34 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.03.19 11:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.03.19 11:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.03.15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008.03.30 
14:28:46 | 000,000,680 | ---- | C] () -- C:\Users\tillmanns\AppData\Local\d3d9caps.dat [2007.11.07 17:34:33 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.11.07 17:27:22 | 000,021,762 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2007.10.02 18:19:17 | 000,015,872 | ---- | C] () -- C:\Users\tillmanns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.10.02 17:12:23 | 000,000,122 | ---- | C] () -- C:\Users\tillmanns\AppData\Roaming\wklnhst.dat [2007.10.02 16:12:16 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2007.10.02 16:12:16 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.06.29 12:05:51 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll [2007.06.29 02:50:21 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007.06.29 02:43:32 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.06.29 02:43:32 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 17:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,368,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- 
C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.09.09 08:12:08 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\EurekaLog [2007.10.02 16:00:56 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\InterVideo [2007.10.02 17:32:29 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Template [2011.05.27 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\VistaCodecs [2008.08.21 15:37:21 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\RegCure.job [2011.08.03 17:15:42 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.08.03 17:40:19 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3AA20BDA-7881-4C8E-B1B6-4835E47BC8C9}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2008.01.21 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Adobe [2007.10.02 15:47:31 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Ahead [2007.10.02 15:32:51 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\ATI [2010.01.04 11:03:55 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Avira [2010.09.09 08:12:08 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\EurekaLog [2008.01.21 20:32:48 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Google [2007.10.02 15:32:20 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Identities [2007.10.02 16:00:56 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\InterVideo [2007.11.07 17:23:30 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Macromedia [2011.08.03 16:18:07 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Media Center Programs [2011.05.27 16:08:46 | 000,000,000 | --SD | M] -- C:\Users\tillmanns\AppData\Roaming\Microsoft [2007.10.02 16:08:07 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Microsoft Web Folders [2007.10.02 17:32:29 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Template [2010.09.05 17:07:55 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\U3 [2011.05.27 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\VistaCodecs < %APPDATA%\*.exe /s > [2011.05.27 16:08:46 | 000,009,216 | R--- | M] () -- C:\Users\tillmanns\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) 
MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.20 18:34:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys [2008.02.20 18:34:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.20 18:34:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.20 18:34:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2006.05.11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\drivers\iaStor.sys [2006.05.11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c3369af\iaStor.sys [2006.05.11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- 
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0d20ce62\iaStor.sys < MD5 for: IASTORV.SYS > [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll < MD5 for: NVATABUS.SYS > [2006.07.14 14:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=7D960340BE5B0E008BB94E4C3B991339 -- C:\Windows\System32\drivers\nvatabus.sys [2006.07.14 14:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=7D960340BE5B0E008BB94E4C3B991339 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_27229839\nvatabus.sys < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys < MD5 for: SCECLI.DLL > [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: USER32.DLL > 
[2007.06.29 02:17:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2007.06.29 02:17:15 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2007.06.29 02:17:15 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll < MD5 for: USERINIT.EXE > [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: VIAMRAID.SYS > [2006.03.31 02:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\Windows\System32\drivers\viamraid.sys [2006.03.31 02:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_2d6a7e3a\viamraid.sys < MD5 for: WININIT.EXE > [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2006.11.02 11:45:57 | 
000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.06.29 12:06:10 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.06.29 12:06:08 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.06.29 12:06:11 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.06.29 12:06:21 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.06.29 12:06:23 | 006,017,024 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > [/CODE] Regards, Pirxis |
03.08.2011, 15:33 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full. If the infection has left you unable to access your documents / My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must right-click the tool and run it as administrator!
03.08.2011, 15:42 | #7 |
| Hello! Kaspersky found nothing, and I can access My Documents without any problems. Code:
ATTFilter 2011/08/03 16:38:21.0914 3544 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11 2011/08/03 16:38:23.0946 3544 ================================================================================ 2011/08/03 16:38:23.0946 3544 SystemInfo: 2011/08/03 16:38:23.0946 3544 2011/08/03 16:38:23.0946 3544 OS Version: 6.0.6000 ServicePack: 0.0 2011/08/03 16:38:23.0946 3544 Product type: Workstation 2011/08/03 16:38:23.0946 3544 ComputerName: TILLMANNS-PC 2011/08/03 16:38:23.0977 3544 UserName: tillmanns 2011/08/03 16:38:23.0977 3544 Windows directory: C:\Windows 2011/08/03 16:38:23.0977 3544 System windows directory: C:\Windows 2011/08/03 16:38:23.0977 3544 Processor architecture: Intel x86 2011/08/03 16:38:23.0977 3544 Number of processors: 2 2011/08/03 16:38:23.0977 3544 Page size: 0x1000 2011/08/03 16:38:23.0977 3544 Boot type: Normal boot 2011/08/03 16:38:23.0977 3544 ================================================================================ 2011/08/03 16:38:25.0446 3544 Initialize success 2011/08/03 16:38:32.0180 1160 ================================================================================ 2011/08/03 16:38:32.0180 1160 Scan started 2011/08/03 16:38:32.0180 1160 Mode: Manual; 2011/08/03 16:38:32.0180 1160 ================================================================================ 2011/08/03 16:38:33.0414 1160 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys 2011/08/03 16:38:33.0555 1160 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/08/03 16:38:33.0633 1160 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/08/03 16:38:33.0711 1160 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/08/03 16:38:33.0789 1160 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/08/03 16:38:33.0946 1160 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys 
2011/08/03 16:38:34.0039 1160 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/08/03 16:38:34.0102 1160 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/08/03 16:38:34.0196 1160 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/08/03 16:38:34.0242 1160 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/08/03 16:38:34.0305 1160 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/08/03 16:38:34.0352 1160 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/08/03 16:38:34.0399 1160 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/08/03 16:38:34.0539 1160 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/08/03 16:38:34.0602 1160 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/08/03 16:38:34.0664 1160 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/08/03 16:38:34.0742 1160 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys 2011/08/03 16:38:34.0821 1160 athr (dfa77e7f9e625406f388c8eb09d9d1b4) C:\Windows\system32\DRIVERS\athr.sys 2011/08/03 16:38:35.0024 1160 avfwim (d0402e3a487cedc06967f17514804aac) C:\Windows\system32\DRIVERS\avfwim.sys 2011/08/03 16:38:35.0102 1160 avfwot (e18ff3b73bd5531efc71a2f5c9e10ec5) C:\Windows\system32\DRIVERS\avfwot.sys 2011/08/03 16:38:35.0227 1160 avgio (87828ecd657f81503465ac705e845076) C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys 2011/08/03 16:38:35.0274 1160 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys 2011/08/03 16:38:35.0336 1160 avipbb (0b09df022250fb7ba91fb932eac6ea9b) C:\Windows\system32\DRIVERS\avipbb.sys 2011/08/03 16:38:35.0414 1160 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) 
C:\Windows\system32\drivers\Beep.sys 2011/08/03 16:38:35.0524 1160 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys 2011/08/03 16:38:35.0586 1160 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/08/03 16:38:35.0649 1160 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/08/03 16:38:35.0696 1160 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/08/03 16:38:35.0742 1160 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/08/03 16:38:35.0805 1160 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/08/03 16:38:35.0852 1160 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/08/03 16:38:35.0914 1160 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/08/03 16:38:35.0977 1160 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys 2011/08/03 16:38:36.0039 1160 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys 2011/08/03 16:38:36.0102 1160 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/08/03 16:38:36.0180 1160 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys 2011/08/03 16:38:36.0289 1160 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/08/03 16:38:36.0336 1160 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/08/03 16:38:36.0383 1160 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/08/03 16:38:36.0461 1160 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/08/03 16:38:36.0539 1160 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/08/03 16:38:36.0649 1160 DfsC 
(a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys 2011/08/03 16:38:36.0758 1160 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys 2011/08/03 16:38:36.0914 1160 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys 2011/08/03 16:38:37.0024 1160 DXGKrnl (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys 2011/08/03 16:38:37.0133 1160 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/08/03 16:38:37.0211 1160 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys 2011/08/03 16:38:37.0321 1160 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/08/03 16:38:37.0477 1160 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys 2011/08/03 16:38:37.0524 1160 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/08/03 16:38:37.0617 1160 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys 2011/08/03 16:38:37.0696 1160 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys 2011/08/03 16:38:37.0758 1160 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/08/03 16:38:37.0821 1160 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys 2011/08/03 16:38:37.0899 1160 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys 2011/08/03 16:38:37.0977 1160 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/08/03 16:38:38.0102 1160 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/08/03 16:38:38.0196 1160 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/08/03 16:38:38.0242 1160 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 
2011/08/03 16:38:38.0305 1160 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/08/03 16:38:38.0383 1160 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys 2011/08/03 16:38:38.0477 1160 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys 2011/08/03 16:38:38.0555 1160 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/08/03 16:38:38.0633 1160 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys 2011/08/03 16:38:38.0711 1160 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/08/03 16:38:38.0805 1160 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/08/03 16:38:38.0914 1160 iaStor (294110966cedd127629c5be48367c8cf) C:\Windows\system32\drivers\iastor.sys 2011/08/03 16:38:39.0008 1160 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/08/03 16:38:39.0086 1160 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/08/03 16:38:39.0274 1160 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys 2011/08/03 16:38:39.0430 1160 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 2011/08/03 16:38:39.0492 1160 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 2011/08/03 16:38:39.0571 1160 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/08/03 16:38:39.0680 1160 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/08/03 16:38:39.0742 1160 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys 2011/08/03 16:38:39.0805 1160 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys 2011/08/03 16:38:39.0867 1160 isapnp (350fca7e73cf65bcef43fae1e4e91293) 
C:\Windows\system32\drivers\isapnp.sys 2011/08/03 16:38:39.0914 1160 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/08/03 16:38:39.0977 1160 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/08/03 16:38:40.0055 1160 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/08/03 16:38:40.0149 1160 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/08/03 16:38:40.0211 1160 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 2011/08/03 16:38:40.0305 1160 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys 2011/08/03 16:38:40.0430 1160 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys 2011/08/03 16:38:40.0508 1160 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/08/03 16:38:40.0571 1160 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/08/03 16:38:40.0617 1160 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/08/03 16:38:40.0680 1160 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys 2011/08/03 16:38:40.0836 1160 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/08/03 16:38:40.0899 1160 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys 2011/08/03 16:38:40.0977 1160 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys 2011/08/03 16:38:41.0055 1160 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys 2011/08/03 16:38:41.0102 1160 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys 2011/08/03 16:38:41.0149 1160 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys 2011/08/03 16:38:41.0227 1160 mpio 
(583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/08/03 16:38:41.0289 1160 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys 2011/08/03 16:38:41.0383 1160 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/08/03 16:38:41.0477 1160 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys 2011/08/03 16:38:41.0555 1160 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/08/03 16:38:41.0649 1160 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/08/03 16:38:41.0711 1160 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/08/03 16:38:41.0758 1160 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2011/08/03 16:38:41.0821 1160 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/08/03 16:38:41.0914 1160 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys 2011/08/03 16:38:41.0977 1160 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys 2011/08/03 16:38:42.0055 1160 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys 2011/08/03 16:38:42.0102 1160 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/08/03 16:38:42.0133 1160 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys 2011/08/03 16:38:42.0180 1160 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys 2011/08/03 16:38:42.0227 1160 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/08/03 16:38:42.0274 1160 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys 2011/08/03 16:38:42.0321 1160 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys 2011/08/03 16:38:42.0414 1160 
NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys 2011/08/03 16:38:42.0508 1160 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys 2011/08/03 16:38:42.0617 1160 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/08/03 16:38:42.0664 1160 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/08/03 16:38:42.0711 1160 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/08/03 16:38:42.0805 1160 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys 2011/08/03 16:38:42.0852 1160 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys 2011/08/03 16:38:42.0914 1160 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys 2011/08/03 16:38:43.0008 1160 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/08/03 16:38:43.0086 1160 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys 2011/08/03 16:38:43.0133 1160 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys 2011/08/03 16:38:43.0242 1160 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys 2011/08/03 16:38:43.0352 1160 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/08/03 16:38:43.0414 1160 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys 2011/08/03 16:38:43.0477 1160 nvatabus (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys 2011/08/03 16:38:43.0524 1160 nvraid (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys 2011/08/03 16:38:43.0586 1160 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/08/03 16:38:43.0617 1160 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/08/03 
16:38:43.0742 1160 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 2011/08/03 16:38:43.0789 1160 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/08/03 16:38:43.0836 1160 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys 2011/08/03 16:38:43.0883 1160 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/08/03 16:38:43.0961 1160 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys 2011/08/03 16:38:44.0039 1160 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys 2011/08/03 16:38:44.0086 1160 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/08/03 16:38:44.0180 1160 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/08/03 16:38:44.0477 1160 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys 2011/08/03 16:38:44.0524 1160 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/08/03 16:38:44.0617 1160 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys 2011/08/03 16:38:44.0711 1160 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/08/03 16:38:44.0836 1160 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/08/03 16:38:44.0899 1160 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys 2011/08/03 16:38:45.0039 1160 R300 (e52b7a5010011c29063684cac1a6bbf0) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/08/03 16:38:45.0196 1160 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys 2011/08/03 16:38:45.0258 1160 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/08/03 16:38:45.0305 1160 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) 
C:\Windows\system32\DRIVERS\raspppoe.sys 2011/08/03 16:38:45.0367 1160 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys 2011/08/03 16:38:45.0414 1160 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/08/03 16:38:45.0492 1160 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/08/03 16:38:45.0539 1160 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys 2011/08/03 16:38:45.0586 1160 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys 2011/08/03 16:38:45.0680 1160 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys 2011/08/03 16:38:45.0727 1160 RTL8023xp (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys 2011/08/03 16:38:45.0805 1160 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/08/03 16:38:45.0867 1160 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/08/03 16:38:45.0946 1160 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/08/03 16:38:45.0992 1160 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/08/03 16:38:46.0071 1160 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys 2011/08/03 16:38:46.0149 1160 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 2011/08/03 16:38:46.0211 1160 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/08/03 16:38:46.0242 1160 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 2011/08/03 16:38:46.0289 1160 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/08/03 16:38:46.0383 1160 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/08/03 16:38:46.0461 1160 SiSRaid2 
(b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys 2011/08/03 16:38:46.0524 1160 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/08/03 16:38:46.0602 1160 SLEE_15_DRIVER (40c0e715e1ebb2d1990c7d79cc0d79e3) C:\Windows\system32\drivers\Sleen15.sys 2011/08/03 16:38:46.0680 1160 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys 2011/08/03 16:38:46.0774 1160 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys 2011/08/03 16:38:46.0930 1160 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys 2011/08/03 16:38:47.0086 1160 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys 2011/08/03 16:38:47.0196 1160 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys 2011/08/03 16:38:47.0289 1160 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys 2011/08/03 16:38:47.0383 1160 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/08/03 16:38:47.0461 1160 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys 2011/08/03 16:38:47.0524 1160 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/08/03 16:38:47.0586 1160 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/08/03 16:38:47.0649 1160 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/08/03 16:38:47.0789 1160 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys 2011/08/03 16:38:47.0883 1160 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys 2011/08/03 16:38:47.0930 1160 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys 2011/08/03 16:38:47.0977 1160 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys 2011/08/03 16:38:48.0008 1160 
TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys 2011/08/03 16:38:48.0055 1160 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys 2011/08/03 16:38:48.0117 1160 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys 2011/08/03 16:38:48.0227 1160 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/08/03 16:38:48.0305 1160 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys 2011/08/03 16:38:48.0336 1160 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys 2011/08/03 16:38:48.0383 1160 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/08/03 16:38:48.0430 1160 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys 2011/08/03 16:38:48.0508 1160 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/08/03 16:38:48.0571 1160 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/08/03 16:38:48.0633 1160 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/08/03 16:38:48.0696 1160 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/08/03 16:38:48.0742 1160 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys 2011/08/03 16:38:48.0821 1160 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys 2011/08/03 16:38:48.0883 1160 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/08/03 16:38:48.0961 1160 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys 2011/08/03 16:38:49.0039 1160 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys 2011/08/03 16:38:49.0102 1160 usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys 2011/08/03 16:38:49.0133 1160 
usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 2011/08/03 16:38:49.0211 1160 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/08/03 16:38:49.0258 1160 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/08/03 16:38:49.0367 1160 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/08/03 16:38:49.0414 1160 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys 2011/08/03 16:38:49.0477 1160 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/08/03 16:38:49.0539 1160 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/08/03 16:38:49.0586 1160 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/08/03 16:38:49.0664 1160 viamraid (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys 2011/08/03 16:38:49.0742 1160 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys 2011/08/03 16:38:49.0805 1160 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys 2011/08/03 16:38:49.0899 1160 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys 2011/08/03 16:38:49.0977 1160 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/08/03 16:38:50.0071 1160 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/08/03 16:38:50.0133 1160 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/03 16:38:50.0164 1160 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/03 16:38:50.0242 1160 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/08/03 16:38:50.0321 1160 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys 2011/08/03 
16:38:50.0649 1160 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/08/03 16:38:50.0742 1160 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/08/03 16:38:50.0805 1160 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys 2011/08/03 16:38:50.0883 1160 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/08/03 16:38:50.0977 1160 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/08/03 16:38:51.0008 1160 Boot (0x1200) (62df0ca7b4d2326f149104f64eebc7ab) \Device\Harddisk0\DR0\Partition0 2011/08/03 16:38:51.0055 1160 Boot (0x1200) (203d9634ba80db53be727c133f229ded) \Device\Harddisk0\DR0\Partition1 2011/08/03 16:38:51.0055 1160 ================================================================================ 2011/08/03 16:38:51.0055 1160 Scan finished 2011/08/03 16:38:51.0055 1160 ================================================================================ 2011/08/03 16:38:51.0086 4136 Detected object count: 0 2011/08/03 16:38:51.0086 4136 Actual detected object count: 0 I think we're done. Thanks again. Regards, Pirxis |
03.08.2011, 15:56 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a competent helper has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
03.08.2011, 16:20 | #9 |
| Hello, CF has finished: Combofix Logfile: Code:
ATTFilter ComboFix 11-08-03.02 - tillmanns 03.08.2011 17:06:19.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.894.244 [GMT 2:00] ausgeführt von:: c:\users\tillmanns\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\tillmanns\AppData\Roaming\EurekaLog c:\users\tillmanns\AppData\Roaming\EurekaLog\EurekaLog.ini c:\users\tillmanns\AppData\Roaming\Microsoft\Windows\Recent\weblink.url c:\users\tillmanns\BLS.exe c:\users\tillmanns\BLS_Erinnerung.exe c:\windows\system32\msconfig.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-07-03 bis 2011-08-03 )))))))))))))))))))))))))))))) . . 2011-08-03 19:54 . 2011-08-03 19:54 -------- d-----w- C:\_OTL 2011-08-03 14:19 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A0DE533-D43A-4BC4-B475-25514BE43AC4}\mpengine.dll 2011-08-03 14:18 . 2011-08-03 14:18 -------- d-----w- c:\users\tillmanns\AppData\Roaming\Malwarebytes 2011-08-03 14:17 . 2011-08-03 14:17 -------- d-----w- c:\programdata\Malwarebytes 2011-08-03 14:17 . 2011-08-03 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-02 05:34 . 2011-08-02 05:34 0 ---ha-w- c:\users\tillmanns\AppData\Local\BIT640E.tmp 2011-07-31 14:56 . 2011-07-31 14:56 0 ---ha-w- c:\users\tillmanns\AppData\Local\BIT5253.tmp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-27 14:08 . 2011-05-27 14:08 9216 ----a-r- c:\users\tillmanns\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe 2011-05-24 17:14 . 2009-10-03 13:56 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-20 09:39 . 2011-05-20 09:39 1138440 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-06-13 280592] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-02-26 149040] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "WeatherBugAlert"="c:\program files\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2010-02-22 442368] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512] "LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224] "LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136] "SAFEHOME HotKeys"="c:\program files\Steganos Safe Home\SteganosHotKeyService.exe" [2007-03-21 25088] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" 
[2011-05-17 395144] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Erinnerung fr Beurteilungen in der Schule.lnk - c:\users\tillmanns\BLS_Erinnerung.exe [N/A] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R1 mailKmd;mailKmd; [x] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 135664] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 135664] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-05-07 71592] S1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\system32\drivers\Sleen15.sys [2007-02-21 12:33 80232] S2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-05-16 344321] S2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [2009-01-12 164097] S2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-06-12 258305] S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] S2 AVEService;Avira Premium Security Suite MailGuard Hilfsdienst;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2008-05-09 41217] S3 avfwim;AvFw 
Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2008-05-07 71464] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 87149656 *Deregistered* - 87149656 . Inhalt des "geplante Tasks" Ordners . 2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 16:32] . 2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 16:32] . 2008-08-21 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2008-04-21 21:21] . 2011-08-03 c:\windows\Tasks\User_Feed_Synchronization-{3AA20BDA-7881-4C8E-B1B6-4835E47BC8C9}.job - c:\windows\system32\msfeedssync.exe [2010-04-03 04:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Bild in &Microsoft PhotoDraw öffnen - c:\progra~1\MICROS~3\Office\1031\phdintl.dll/phdContext.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html LSP: avsda.dll TCP: DhcpNameServer = 192.168.168.3 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe HKLM_ActiveSetup-ccc-core-static - msiexec . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-08-03 17:16 Windows 6.0.6000 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H?(???????(?X3(???aw????????????0???<???????|?????[w?e_w????3 aw!?aw??????(???(?=?Qw????L???~z\v??(???????(?????? A???(?????? A?2_??=?Qw?????????a@?`??????????? ?A???I?????? A???@???(??x@???(??_????@???(???? . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 "MSCurrentCountry"=dword:000000b5 . Zeit der Fertigstellung: 2011-08-03 17:19:31 ComboFix-quarantined-files.txt 2011-08-03 15:19 . Vor Suchlauf: 16 Verzeichnis(se), 68.294.127.616 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 68.553.637.888 Bytes frei . - - End Of File - - 8108282BA449063CD1A09007711FE981 --- --- --- --- --- --- Grüße Pirxis |
03.08.2011, 16:25 | #10
/// Winkelfunktion /// TB-Süch-Tiger™
Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags
03.08.2011, 16:42 | #11
Huh, GMER completely kills my Windows with a reboot.... What was that definition of Windows again? The only virus with a graphical user interface.....
03.08.2011, 17:01 | #12
OSAM is in the green: OSAM logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:58:59 on 03.08.2011
OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RegCure.job" - ? - C:\Program Files\RegCure\RegCure.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira Premium Security Suite " - "Avira GmbH" - C:\PROGRA~1\Avira\AVIRAP~1\avconfig.cpl
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avfwot" (avfwot) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avfwot.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\TILLMA~1\AppData\Local\Temp\catchmegnuc.sys (File not found)
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"mailKmd" (mailKmd) - ? - C:\Windows\system32\drivers\mailKmd.sys (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys (File not found)
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Steganos Live Encryption Engine 15 [Driver]" (SLEE_15_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt " - C:\Windows\system32\drivers\Sleen15.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{FAE0A3E0-3010-41BA-9DDC-A631394F047F} "SteganosShellExtension" - ? - C:\Program Files\Steganos Safe Home\ShellExtension.dll (File found, but it contains no detailed information)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\tillmanns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Erinnerung für Beurteilungen in der Schule.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerung für Beurteilungen in der Schule.lnk (Shortcut exists | File not found)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"fsc-reg" - "Fujitsu Siemens Computers" - C:\ProgramData\fsc-reg\fscreg.exe 20110714
"StartCCC" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (File found, but it contains no detailed information)
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"WeatherBugAlert" - "AWS Convergence Technologies" - "C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe" /st
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ApnUpdater" - "Ask" - "C:\Program Files\Ask.com\Updater\Updater.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
"HotkeyApp" - "Wistron" - C:\Program Files\Launch Manager\HotkeyApp.exe
"LaunchAp" - ? - C:\Program Files\Launch Manager\LaunchAp.exe
"LMgrOSD" - ? - C:\Program Files\Launch Manager\OSDCtrl.exe
"LMgrVolOSD" - "Wistron Corp." - C:\Program Files\Launch Manager\OSD.exe
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SAFEHOME HotKeys" - ? - "C:\Program Files\Steganos Safe Home\SteganosHotKeyService.exe"
"Wbutton" - ? - "C:\Program Files\Launch Manager\Wbutton.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"Avira Premium Security Suite Firewall" (AntiVirFirewallService) - "Avira GmbH" - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
"Avira Premium Security Suite Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
"Avira Premium Security Suite MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
"Avira Premium Security Suite MailGuard Hilfsdienst" (AVEService) - "Avira GmbH" - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
"Avira Premium Security Suite Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
"Avira Premium Security Suite WebGuard" (antivirwebservice) - "Avira GmbH" - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found)
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Fujitsu Siemens Computers" - c:\windows\system32\Fujits~1.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Windows\system32\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
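The ComboFix and OSAM logs in this thread are read by eye for two things: service or driver entries whose file is gone from disk (ComboFix prints `[x]` after such a line, OSAM prints `(File not found)`; the `mailKmd` driver is the case here), and autorun entries with no vendor information that launch from a user-writable location such as the user profile or ProgramData, where the lock-screen dropper in this thread lived. The following Python script is an added example that automates that triage; it is not part of the thread and not code from ComboFix, OSAM or the forum helpers. The sample lines are constructed after the log formats shown above; the `BLS` Run entry is invented for illustration (the logs only show `BLS.exe` among ComboFix's deletions), and the `Finding`, `parse_combofix`, `parse_osam` and `triage` names are the example's own.

```python
"""Triage helper for ComboFix / OSAM autorun logs (added example, not from the thread).

Flags two patterns that the logs above make visible:
  * service/driver entries whose binary is gone from disk (ComboFix marks them
    "[x]", OSAM marks them "(File not found)"): orphaned registry entries such
    as mailKmd, left behind when a file was deleted but its key was not;
  * entries with no vendor information ("?") that launch from a user-writable
    location (user profile, ProgramData, AppData, Temp).
"""
import re
from dataclasses import dataclass

# Constructed sample lines in the ComboFix and OSAM formats used in this thread.
# The "BLS" Run entry is an invented illustration; the others mirror log lines above.
SAMPLE_COMBOFIX = r'''
R1 mailKmd;mailKmd; [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-05-07 71592]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
'''

SAMPLE_OSAM = r'''
"catchme" (catchme) - ? - C:\Users\TILLMA~1\AppData\Local\Temp\catchmegnuc.sys (File not found)
"mailKmd" (mailKmd) - ? - C:\Windows\system32\drivers\mailKmd.sys (File not found)
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Erinnerung.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerung.lnk (Shortcut exists | File not found)
"fsc-reg" - "Fujitsu Siemens Computers" - C:\ProgramData\fsc-reg\fscreg.exe 20110714
"BLS" - ? - "C:\Users\tillmanns\BLS.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
'''

# ComboFix service line: "<R|S><n> <service>;<display name>;<path> [<date size> | x]"
COMBOFIX_SVC = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$')
# OSAM entry: "<name>" [(<service>)] - <"vendor"|?> - <path, arguments, notes>
# (GUID-prefixed shell-extension lines are deliberately not matched.)
OSAM_ENTRY = re.compile(r'^"([^"]*)"(?:\s+\(([^)]*)\))?\s+-\s+("[^"]*"|\?)\s+-\s+(.*)$')
# Leading Windows path up to its file extension, with or without surrounding quotes.
WIN_PATH = re.compile(r'^"?([A-Za-z]:\\.*?\.[A-Za-z0-9]{2,4})(?=["\s]|$)')
USER_WRITABLE = ('\\users\\', '\\programdata\\', '\\appdata\\', '\\temp\\')


@dataclass(frozen=True)
class Finding:
    tool: str
    name: str
    path: str
    reason: str


def _suspicious_location(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def parse_combofix(text: str) -> list[Finding]:
    """Return orphaned service/driver entries from ComboFix's R*/S* lines."""
    findings = []
    for line in text.splitlines():
        m = COMBOFIX_SVC.match(line.strip())
        if not m:
            continue
        _start, svc, _display, path, stamp = m.groups()
        if stamp.strip() == 'x':  # ComboFix's marker for "file does not exist"
            findings.append(Finding('ComboFix', svc, path,
                                    'binary missing on disk (orphaned service/driver entry)'))
    return findings


def parse_osam(text: str) -> list[Finding]:
    """Return orphaned entries and vendor-less entries in user-writable paths from an OSAM log."""
    findings = []
    for line in text.splitlines():
        m = OSAM_ENTRY.match(line.strip())
        if not m:
            continue
        name, svc, vendor, rest = m.groups()
        label = svc or name
        pm = WIN_PATH.match(rest)
        path = pm.group(1) if pm else ''
        if 'File not found' in rest:
            findings.append(Finding('OSAM', label, path, 'binary missing on disk (orphaned entry)'))
        elif vendor == '?' and _suspicious_location(path):
            findings.append(Finding('OSAM', label, path,
                                    'no vendor info and launches from a user-writable location'))
    return findings


def triage(combofix_text: str, osam_text: str) -> list[Finding]:
    return parse_combofix(combofix_text) + parse_osam(osam_text)


def orphaned_names(findings: list[Finding]) -> set[str]:
    """Names that both tools would agree are registry entries without a file behind them."""
    return {f.name for f in findings if 'missing' in f.reason}


if __name__ == '__main__':
    for f in triage(SAMPLE_COMBOFIX, SAMPLE_OSAM):
        print(f'[{f.tool}] {f.name}: {f.reason} ({f.path or "no path recorded"})')
```

On the constructed input the script reports `mailKmd` and `MBAMSwissArmy` from the ComboFix lines and `catchme`, `mailKmd`, `Erinnerung.lnk` and the invented `BLS` entry from the OSAM lines; Avira, Fujitsu and Wistron entries are not flagged because they carry vendor data and exist on disk. An orphaned entry with a legitimate origin (a removed scanner's leftover driver, a Startup shortcut whose target was already cleaned) is harmless but still worth removing, as the thread does with `mailKmd`, so that a later scan is not confused by it.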
03.08.2011, 17:15 | #13
... and the aswMBR log: Code:
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-03 18:01:06
-----------------------------
18:01:06.045 OS Version: Windows 6.0.6000
18:01:06.045 Number of processors: 2 586 0xE0C
18:01:06.045 ComputerName: TILLMANNS-PC UserName: tillmanns
18:01:26.185 Initialize success
18:02:26.416 AVAST engine defs: 11080300
18:04:41.151 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:04:41.151 Disk 0 Vendor: WDC_WD1600BEVS-07RST0 04.01G04 Size: 152627MB BusType: 3
18:04:43.167 Disk 0 MBR read successfully
18:04:43.167 Disk 0 MBR scan
18:04:43.292 Disk 0 Windows VISTA default MBR code
18:04:43.307 Disk 0 scanning sectors +308482048
18:04:43.401 Disk 0 scanning C:\Windows\system32\drivers
18:05:00.307 Service scanning
18:05:02.104 Modules scanning
18:05:11.026 Disk 0 trace - called modules:
18:05:11.057 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:05:11.057 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84194ad8]
18:05:11.073 3 ntoskrnl.exe[81ca80af] -> nt!IofCallDriver -> [0x83b2af18]
18:05:11.088 5 acpi.sys[8047632a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83b2ebb0]
18:05:12.120 AVAST engine scan C:\Windows
18:05:21.276 AVAST engine scan C:\Windows\system32
18:08:27.588 AVAST engine scan C:\Windows\system32\drivers
18:08:41.323 AVAST engine scan C:\Users\tillmanns
18:13:17.292 AVAST engine scan C:\ProgramData
18:14:10.088 Scan finished successfully
18:14:45.707 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
18:14:45.722 The log file has been saved successfully to "F:\aswMBR.txt"
Pirxis
04.08.2011, 08:44 | #15
Morning! Deleted "MailKmd" from the registry. Many thanks, and until next time. Regards, Pirxis