
Log analysis and evaluation: Bundespolizei trojan removed on my own?


11.08.2011, 23:01   #1
cody29
 

Bundespolizei trojan removed on my own?



I too suddenly got a "Bundespolizei" popup while surfing. First, on my own and using a second user account, I reset the faulty registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
which pointed to the file
C:\Users\***\AppData\Local\Temp\0.10280323110239376.exe
so that it again points to
explorer.exe

Now I am not sure whether I have completely removed the trojan and any further malware it may have downloaded.

I went through all the steps for creating a new thread...

Started defogger -> ok
Ran a custom quick scan with OTL -> log files
Ran gmer -> log file

Additionally, I ran a full scan with Malwarebytes. -> log file

Here is the OTL.txt
Code:
OTL logfile created on: 11.08.2011 18:16:02 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = E:\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,29% Memory free
2,94 Gb Paging File | 1,84 Gb Available in Paging File | 62,70% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 0,29 Gb Free Space | 1,21% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 0,15 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
Drive E: | 7,81 Gb Total Space | 1,39 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive F: | 94,68 Gb Total Space | 3,59 Gb Free Space | 3,79% Space Free | Partition Type: FAT32
Drive G: | 234,93 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.11 18:14:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\***\Desktop\OTL.exe
PRC - [2011.08.11 18:12:54 | 000,050,477 | ---- | M] () -- E:\Download\Defogger.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.30 22:45:24 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 21:00:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.02 22:08:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.12.26 17:08:48 | 000,053,248 | ---- | M] () -- C:\Programme\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe
PRC - [2006.11.08 19:47:14 | 001,066,528 | ---- | M] (Dell Inc) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2006.11.02 01:46:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.11 18:14:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\***\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.30 22:45:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 21:00:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.03.03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.18 23:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxion\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.30 22:45:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 22:45:29 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.03.03 15:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2007.03.20 15:13:38 | 000,300,544 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2007.01.12 10:52:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.11.21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.08.04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004.04.27 00:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 23:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 23:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 22:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.19 07:52:26 | 000,000,000 | ---D | M]
 
[2008.08.11 20:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.07.27 19:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions
[2010.04.27 23:24:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.28 15:10:41 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2008.10.07 20:39:52 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009.07.25 20:14:37 | 000,000,000 | ---D | M] (Ask Chrome Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\askopensearch-VTS@ask.com
[2010.11.18 00:19:48 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.09.21 23:43:43 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.07.13 09:16:48 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\foxmarks@kei.com
[2011.03.12 12:32:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\personas@christopher.beard
[2011.06.21 20:01:24 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\piclens@cooliris.com
[2008.07.27 23:33:57 | 000,005,310 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\azqgcgkw.default\searchplugins\footiefox.xml
[2011.03.24 21:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.22 21:18:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.22 21:46:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 21:51:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 21:02:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
[2009.01.09 21:37:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.25 00:04:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.02.08 00:53:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.22 21:18:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.22 21:46:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 21:51:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 21:02:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZQGCGKW.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZQGCGKW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZQGCGKW.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
[2011.07.02 22:35:08 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.07 23:42:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: () - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\Programme\Star Downloader\SDIEInt.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter]  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [tvjbmonitor] C:\Programme\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter]  File not found
O8 - Extra context menu item: Download with Star Downloader - C:\Programme\Star Downloader\sdie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\Bilder\Wallpaper\IMG_6663.JPG
O24 - Desktop BackupWallPaper: F:\Bilder\Wallpaper\IMG_6663.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a2db21f-9312-11dd-bc1f-00197edc7e35}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{0a672670-27d1-11df-8d36-00197edc7e35}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{0a672670-27d1-11df-8d36-00197edc7e35}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{f6c3aece-eacf-11dd-b5ff-00197edc7e35}\Shell\AutoRun\command - "" = H:\TrueCrypt.exe /q /a /e /m rm /v "tanken_6GB"
O33 - MountPoints2\{f6c3aece-eacf-11dd-b5ff-00197edc7e35}\Shell\mount\command - "" = H:\TrueCrypt.exe /q /a /e /m rm /v "tanken_6GB"
O33 - MountPoints2\{f6c3aece-eacf-11dd-b5ff-00197edc7e35}\Shell\open\command - "" = H:\TrueCrypt.exe /e /m rm /v "tanken_6GB"
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "bootini" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.11 18:14:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- E:\***\Desktop\OTL.exe
[2011.08.11 07:18:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.08.10 23:31:46 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.10 23:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.10 23:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.10 23:31:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.10 23:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.29 21:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008.12.01 23:12:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.11 18:14:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\***\Desktop\OTL.exe
[2011.08.11 18:13:36 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.08.11 18:12:31 | 000,382,852 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.11 18:12:31 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.11 18:12:31 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.11 18:12:31 | 000,013,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.11 17:48:15 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.11 17:04:32 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.11 17:04:32 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.11 13:52:10 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.11 07:04:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.11 07:04:37 | 000,249,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.11 07:04:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.11 07:04:18 | 2137,460,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.11 00:10:03 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.10 23:31:46 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.10 12:19:27 | 000,158,720 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.03 07:27:39 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\{CF0599A2-42A0-48D3-AFFB-A3A226422097}
[2011.07.21 21:43:01 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\{1B9E9103-BE81-4198-89F0-112F6173EB10}
[2011.07.14 21:43:00 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\{C54367A9-F865-4FD9-93C0-BF500BF9C655}
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.11 18:13:36 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.08.10 23:31:46 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.03 07:27:39 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{CF0599A2-42A0-48D3-AFFB-A3A226422097}
[2011.07.21 21:43:01 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{1B9E9103-BE81-4198-89F0-112F6173EB10}
[2011.07.14 21:43:00 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{C54367A9-F865-4FD9-93C0-BF500BF9C655}
[2011.06.26 22:36:49 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{0FF33413-6670-4052-8659-23CA3B8DB294}
[2011.05.19 22:22:56 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{7B663564-DB46-4B79-B4B3-47D876A906DB}
[2011.05.17 21:37:00 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{75EB25E7-160D-4609-94EA-DD0210880734}
[2011.05.17 11:32:06 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{EF79E007-8E29-42D4-8DCA-757B4FEBF200}
[2011.05.17 11:30:06 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{2115FAF6-6DEA-4171-8623-25F55D9FD6C3}
[2011.03.12 23:14:33 | 000,000,356 | ---- | C] () -- C:\Windows\wiso.ini
[2010.10.25 22:08:29 | 000,000,062 | ---- | C] () -- C:\Windows\wds.ini
[2010.02.20 22:00:37 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.20 22:00:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.09.14 01:19:41 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.08.10 21:52:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.10 21:52:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.27 23:44:57 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2009.03.19 23:49:47 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.01.20 12:50:03 | 000,303,616 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009.01.20 12:50:02 | 000,000,202 | ---- | C] () -- C:\Windows\System32\Ic32.ini
[2008.08.26 14:06:14 | 000,000,071 | ---- | C] () -- C:\Windows\wmpg2.ini
[2008.08.13 19:43:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.02 21:56:30 | 000,000,196 | ---- | C] () -- C:\Windows\System32\af15irtbl.bin
[2007.11.04 17:39:49 | 000,005,632 | ---- | C] () -- C:\Windows\System32\CNMVS47.DLL
[2007.09.06 23:27:44 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.09.05 22:35:16 | 000,158,720 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.04 23:08:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.04 22:57:49 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007.09.04 22:57:48 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007.09.02 17:36:13 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.09.02 17:31:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.09.02 17:18:30 | 000,796,048 | ---- | C] () -- C:\Windows\System32\libeay32_0.9.6l.dll
[2007.09.02 09:43:34 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.07.01 19:50:16 | 000,064,976 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll
[2006.12.12 11:13:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006.12.12 10:02:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006.12.12 10:01:48 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006.11.29 21:08:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 17:33:31 | 000,382,852 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,249,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:33:01 | 000,013,514 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.20 23:02:32 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.20 23:02:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004.03.26 10:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== LOP Check ==========
 
[2009.09.29 00:15:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.kde
[2011.03.13 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.03.12 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2011.03.31 21:44:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.08.10 11:13:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2008.12.22 20:09:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2011.06.23 01:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2007.09.11 23:33:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ID3-TagIT 3
[2010.12.11 22:43:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr
[2007.09.25 21:18:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect
[2009.01.27 00:13:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Picturenaut
[2007.09.05 22:53:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pixmantec
[2007.11.03 11:47:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pokerth
[2011.06.18 08:29:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RavensburgerTipToi
[2011.05.01 09:01:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2011.08.11 00:10:03 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2007.09.02 13:22:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2007.11.04 17:40:59 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2007.09.06 22:42:49 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2011.08.11 07:05:29 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2007.11.26 00:42:47 | 000,000,000 | ---D | M] -- C:\Dell
[2011.02.12 23:28:25 | 000,000,000 | ---D | M] -- C:\divx
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.09.02 09:50:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.02.20 21:48:20 | 000,000,000 | ---D | M] -- C:\Intel
[2008.08.11 19:48:41 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.08.10 23:31:41 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.10 23:31:44 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.09.02 09:50:23 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.10 22:52:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.09.02 13:22:32 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.13 21:19:21 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.15 00:19:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.15 00:19:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-10 18:36:25
 
<           >

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 11.08.2011 18:16:02 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = E:\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,29% Memory free
2,94 Gb Paging File | 1,84 Gb Available in Paging File | 62,70% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 0,29 Gb Free Space | 1,21% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 0,15 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
Drive E: | 7,81 Gb Total Space | 1,39 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive F: | 94,68 Gb Total Space | 3,59 Gb Free Space | 3,79% Space Free | Partition Type: FAT32
Drive G: | 234,93 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{54EEB489-D34A-49A6-9A4B-D1BB5F51C2DF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{698DE17F-F65E-4E89-AA7E-E0A1E5B2210C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8AEB53E4-DAB0-426C-BAEC-D772BDA2DAB0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9FA2992B-307E-45D8-A028-5E5785CAEDD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{58138580-A0BB-476B-B672-D9C4B93CCBB6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{6049CA3C-7FA7-4701-B773-EC3AF8536738}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{85E4B62D-819F-4615-925F-ED2D78D6DC41}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8AA9FD5A-D9A6-47E6-940E-44933A35CE47}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{DCAA29C1-A4A5-45DC-8BBF-E22A736F09B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F93CD31A-4BEE-43EC-B7A3-6A1E79B31461}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{1A8B0C28-39DC-4790-B476-EF19A4ADD813}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{249E1F37-76A3-43E7-9B66-0E7130EF60E2}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{2DDE7A56-6280-4B1F-8865-983F1F0B970F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{3D9F0185-E5A5-4D04-91A8-4CAE2A5B0D5F}C:6\backup_app\bilder\rsync.exe" = protocol=6 | dir=in | app=c:6\backup_app\bilder\rsync.exe | 
"TCP Query User{928C9B02-3811-4BF8-AEFB-934446D802DE}E:0\backup_app\benutzer\rsync.exe" = protocol=6 | dir=in | app=e:0\backup_app\benutzer\rsync.exe | 
"TCP Query User{BC5D7E8B-57DE-4515-8A8C-6C7ABF3A1F9A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{CE069B6B-8DB6-4313-A80A-ADD0A6F78149}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{DCDD5D51-EC85-4226-95EA-EDF79BAC12CE}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{FE4BD617-EF7B-4AF9-96FA-3720E42BFD08}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{01656FD9-9D5F-47FA-8DC8-96122C0C7156}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{60E45206-1543-43C9-95B8-78DD85C41D1D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6A908665-A737-4CA5-A891-4356E87CDF2D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{75A5BE36-BE7F-49F9-BB3D-1BF73D78A49F}C:6\backup_app\bilder\rsync.exe" = protocol=17 | dir=in | app=c:6\backup_app\bilder\rsync.exe | 
"UDP Query User{8EF803C8-56DE-4EC1-B155-4CFD1292502E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{DD398D51-B52F-46B5-BBE0-15BBED7EFE00}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{DE30A99D-30F1-4931-BC83-520B41DB744D}E:0\backup_app\benutzer\rsync.exe" = protocol=17 | dir=in | app=e:0\backup_app\benutzer\rsync.exe | 
"UDP Query User{EB88DD6A-AFB3-42A0-8486-30DF6CD71DEF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{F34C58F7-EBA0-4540-A8EE-9F9B2EA30ED9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.1
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Autopano_SIFT_23" = Autopano-SIFT 2.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon RAW Codec" = Canon RAW Codec
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Deutsch Stratego 1.0" = Deutsch Stratego 1
"Deutsche Geschichte" = Deutsche Geschichte
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Exifer_is1" = Exifer
"Google Updater" = Google Updater
"HappyFish" = HappyFish 1.5.0.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hotpot_is1" = HotPotatoes v 6.2.5.4
"Hugin_is1" = Hugin 0.7.0 (SVN 3465)
"ID3-TagIT 3_is1" = ID3-TagIT 3
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PDF reDirect" = PDF reDirect (remove only)
"Praxis Geschichte 1998-2002" = Praxis Geschichte 1998-2002
"Ravensburger tiptoi" = Ravensburger tiptoi
"RawShooter essentials 2006" = RawShooter essentials 2006
"Star Downloader Free" = Star Downloader Free
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.4
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2009 12:45:01 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.10.2009 12:53:11 | Computer Name = Laptop | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 09.10.2009 12:54:02 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 13:54:06 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 14:54:06 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 16:10:10 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 17:27:17 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 18:27:14 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 18:59:47 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.10.2009 18:59:47 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 28.06.2011 16:00:00 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
Error - 28.06.2011 16:00:00 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Unable to provide access to "Everyone" for container Broadcom
 Wireless Adapter Manager Container Laptop\*** 
 
Error - 06.07.2011 16:28:19 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
Error - 06.07.2011 16:28:19 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Unable to provide access to "Everyone" for container Broadcom
 Wireless Adapter Manager Container Laptop\*** 
 
Error - 09.07.2011 11:32:36 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
Error - 09.07.2011 11:32:36 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Unable to provide access to "Everyone" for container Broadcom
 Wireless Adapter Manager Container Laptop\*** 
 
Error - 18.07.2011 16:46:35 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
Error - 18.07.2011 16:46:35 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Unable to provide access to "Everyone" for container Broadcom
 Wireless Adapter Manager Container Laptop\*** 
 
Error - 09.08.2011 00:16:26 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
Error - 09.08.2011 00:16:26 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Unable to provide access to "Everyone" for container Broadcom
 Wireless Adapter Manager Container Laptop\*** 
 
[ System Events ]
Error - 10.08.2011 16:03:59 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 10.08.2011 16:03:59 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.08.2011 16:39:00 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 10.08.2011 17:08:51 | Computer Name = Laptop | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 10.08.2011 17:09:43 | Computer Name = Laptop | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 10.08.2011 17:10:43 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.08.2011 um 23:08:08 unerwartet heruntergefahren.
 
Error - 10.08.2011 17:11:15 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2011 01:04:00 | Computer Name = Laptop | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 11.08.2011 01:04:16 | Computer Name = Laptop | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 11.08.2011 01:05:58 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
gmer.log:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-11 19:23:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH rev.0085001C
Running: 4q7eff8b.exe; Driver: C:\Users\Mario\AppData\Local\Temp\uwddapow.sys


---- System - GMER 1.0.15 ----

SSDT            8D02FBE6                                                                                         ZwCreateSection
SSDT            8D02FBEB                                                                                         ZwSetContextThread
SSDT            8D02FB87                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                    82ABD998 4 Bytes  [E6, FB, 02, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                    82ABDCF0 4 Bytes  [EB, FB, 02, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                    82ABDDA4 4 Bytes  [87, FB, 02, 8D]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edc7e35                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edc7e35@0021feaccd0c         0x52 0xF2 0xEC 0xFC ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197edc7e35 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197edc7e35@0021feaccd0c             0x52 0xF2 0xEC 0xFC ...

---- EOF - GMER 1.0.15 ----
         
mbam.log
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7435

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

11.08.2011 21:02:08
mbam-log-2011-08-11 (21-02-08).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 423689
Time elapsed: 1 hour(s), 33 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         

Alt 12.08.2011, 12:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Are there any further Malwarebytes logs? If so, please post all of those that are visible in Malwarebytes on the Logs tab.

Alt 12.08.2011, 14:39   #3
cody29
 

I ran Malwarebytes 3 times in total, but only once to completion.

Here are all the logs:

Flash Scan

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7430

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

11.08.2011 07:20:24
mbam-log-2011-08-11 (07-20-24).txt

Scan type: Flash scan
Objects scanned: 135736
Time elapsed: 1 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         
Full scan on C:\

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7430

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

11.08.2011 08:24:01
mbam-log-2011-08-11 (08-24-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 290980
Time elapsed: 1 hour(s), 2 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         
Full scan on all local hard disks

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7435

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

11.08.2011 21:02:08
mbam-log-2011-08-11 (21-02-08).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 423689
Time elapsed: 1 hour(s), 33 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         
And then the protection logs:

10.08.11
Code:
ATTFilter
23:34:08	***	MESSAGE	Protection started successfully
23:34:14	***	MESSAGE	IP Protection started successfully
         
11.08.11
Code:
ATTFilter
07:07:13	***	MESSAGE	Protection started successfully
07:07:19	***	MESSAGE	IP Protection started successfully
19:28:07	***	MESSAGE	Protection started successfully
19:28:12	***	MESSAGE	IP Protection started successfully
23:53:36	***	MESSAGE	Scheduled update executed successfully
23:53:37	***	MESSAGE	IP Protection stopped
23:53:47	***	MESSAGE	Database updated successfully
23:53:50	***	MESSAGE	IP Protection started successfully
         
and from 12.08.11

Code:
ATTFilter
08:10:06	***	MESSAGE	Protection started successfully
08:10:12	***	MESSAGE	IP Protection started successfully
         

Alt 12.08.2011, 14:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please also run ESET; after that we'll see how to proceed.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 13.08.2011, 06:45   #5
cody29
 

I ran the scan...

I had already uninstalled the JRE (Java 6) via the Control Panel before the scan. The "remnants" found by the scan are still there, though.
On D:\ (a parallel Windows installation) I had installed Hotspot Shield at some point.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=0e0c1f9599e982428545a8677e9ff642
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-12 11:28:31
# local_time=2011-08-13 01:28:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 571 88079051 0 0
# compatibility_mode=5892 16776573 100 100 52801 150715215 0 0
# compatibility_mode=8192 67108863 100 0 11555 11555 0 0
# compatibility_mode=9217 16777214 75 66 107236163 108636595 0 0
# scanned=276515
# found=4
# cleaned=0
# scan_time=9223
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-37eb1ea6	probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-681b57ab	probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-6afcb2cf		probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)	00000000000000000000000000000000	I
D:\Program Files\Hotspot Shield\bin\openvpnas.exe	a variant of Win32/HotSpotShield application (unable to clean)	00000000000000000000000000000000	I
         


Alt 15.08.2011, 08:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
ATTFilter
:OTL
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a2db21f-9312-11dd-bc1f-00197edc7e35}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{0a672670-27d1-11df-8d36-00197edc7e35}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{0a672670-27d1-11df-8d36-00197edc7e35}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted outright; as a safety measure a backup copy is created on the system partition in the folder "_OTL".
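A defender-side check for the first part of that fix, as an added example that is not code from the thread or from OTL: it parses a Firefox prefs.js, flags proxy settings that point the browser at a loopback or unexpected host (the constructed sample reuses the seven values removed above), and lists the network.proxy.* keys to strip. The allow-list parameter and the sample profiles are assumptions.

```python
import re

# Matches one prefs.js line such as:  user_pref("network.proxy.http", "localhost");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Firefox proxy host keys; their "<key>_port" companion holds the port.
PROXY_HOST_KEYS = ("network.proxy.http", "network.proxy.ssl",
                   "network.proxy.ftp", "network.proxy.socks")
MANUAL_PROXY = 1  # network.proxy.type: 0 direct, 1 manual, 2 PAC, 4 auto-detect, 5 system
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_prefs(text):
    """Parse prefs.js text into {key: value}; strings, ints and booleans are decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref()
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = (raw == "true")
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw  # keep anything unexpected as the raw token
    return prefs


def audit_proxy(prefs, allowed_hosts=()):
    """Return findings about proxy settings that route browser traffic somewhere
    the user did not choose. allowed_hosts is a hypothetical allow-list of
    expected (e.g. corporate) proxy hosts; empty means none are expected."""
    findings = []
    # Manual settings only take effect with type 1, but a loopback proxy left
    # behind in the profile is an indicator even when it is currently inactive.
    state = "active" if prefs.get("network.proxy.type") == MANUAL_PROXY else "inactive"
    for key in PROXY_HOST_KEYS:
        host = prefs.get(key)
        if not host:
            continue
        port = prefs.get(key + "_port", "?")
        if host in LOOPBACK:
            findings.append(f"{key}={host}:{port} ({state}): loopback proxy, "
                            "browser traffic is relayed through a local process")
        elif host not in allowed_hosts:
            findings.append(f"{key}={host}:{port} ({state}): proxy host not on the allow-list")
    if prefs.get("network.proxy.socks_remote_dns") is True:
        findings.append("network.proxy.socks_remote_dns=true: DNS lookups go through the "
                        "SOCKS proxy and never appear in local resolver logs")
    if prefs.get("network.proxy.autoconfig_url"):
        findings.append(f"network.proxy.autoconfig_url={prefs['network.proxy.autoconfig_url']}: "
                        "a PAC script controls proxy selection")
    return findings


def strip_proxy_prefs(prefs):
    """Return (cleaned_prefs, removed_keys). Every network.proxy.* key is dropped;
    the OTL fix above removed the seven host/port values, this also resets
    network.proxy.type so Firefox falls back to its default (system) setting."""
    removed = sorted(k for k in prefs if k.startswith("network.proxy."))
    cleaned = {k: v for k, v in prefs.items() if k not in removed}
    return cleaned, removed


# Constructed sample: the seven prefs the OTL fix removed, plus a manual proxy
# type, mixed with an unrelated pref and a comment line.
INFECTED_PREFS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "localhost");
user_pref("network.proxy.http_port", 9666);
user_pref("network.proxy.socks", "localhost");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.ssl", "localhost");
user_pref("network.proxy.ssl_port", 9666);
user_pref("network.proxy.type", 1);
"""

# Constructed clean profile for comparison: no proxy keys at all.
CLEAN_PREFS = 'user_pref("browser.startup.homepage", "about:home");\n'

if __name__ == "__main__":
    prefs = parse_prefs(INFECTED_PREFS)
    for finding in audit_proxy(prefs):
        print("FINDING:", finding)
    _, removed = strip_proxy_prefs(prefs)
    print("keys to remove:", ", ".join(removed))
```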

Alt 15.08.2011, 16:57   #7
cody29
 

The fix ran through; here is the log:

Code:
ATTFilter
========== OTL ==========
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a2db21f-9312-11dd-bc1f-00197edc7e35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a2db21f-9312-11dd-bc1f-00197edc7e35}\ not found.
File H:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a672670-27d1-11df-8d36-00197edc7e35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a672670-27d1-11df-8d36-00197edc7e35}\ not found.
File H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a672670-27d1-11df-8d36-00197edc7e35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a672670-27d1-11df-8d36-00197edc7e35}\ not found.
File H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.1 log created on 08152011_175413
         

Alt 15.08.2011, 18:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.




If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Alt 15.08.2011, 23:37   #9
cody29
 

Here is the log:

Code:
ATTFilter
2011/08/16 00:32:31.0182 2636	TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/16 00:32:31.0431 2636	================================================================================
2011/08/16 00:32:31.0431 2636	SystemInfo:
2011/08/16 00:32:31.0431 2636	
2011/08/16 00:32:31.0431 2636	OS Version: 6.0.6002 ServicePack: 2.0
2011/08/16 00:32:31.0431 2636	Product type: Workstation
2011/08/16 00:32:31.0431 2636	ComputerName: LAPTOP
2011/08/16 00:32:31.0431 2636	UserName: Mario
2011/08/16 00:32:31.0431 2636	Windows directory: C:\Windows
2011/08/16 00:32:31.0431 2636	System windows directory: C:\Windows
2011/08/16 00:32:31.0431 2636	Processor architecture: Intel x86
2011/08/16 00:32:31.0431 2636	Number of processors: 2
2011/08/16 00:32:31.0431 2636	Page size: 0x1000
2011/08/16 00:32:31.0431 2636	Boot type: Normal boot
2011/08/16 00:32:31.0431 2636	================================================================================
2011/08/16 00:32:33.0522 2636	Initialize success
2011/08/16 00:32:48.0498 3872	================================================================================
2011/08/16 00:32:48.0498 3872	Scan started
2011/08/16 00:32:48.0498 3872	Mode: Manual; 
2011/08/16 00:32:48.0498 3872	================================================================================
2011/08/16 00:32:50.0401 3872	61883           (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/08/16 00:32:50.0479 3872	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/16 00:32:50.0635 3872	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/08/16 00:32:50.0744 3872	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/08/16 00:32:50.0822 3872	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/08/16 00:32:50.0978 3872	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/08/16 00:32:51.0181 3872	AF15BDA         (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/08/16 00:32:51.0477 3872	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/16 00:32:51.0602 3872	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/08/16 00:32:51.0680 3872	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/16 00:32:51.0852 3872	aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2011/08/16 00:32:51.0945 3872	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/08/16 00:32:52.0023 3872	amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2011/08/16 00:32:52.0164 3872	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/08/16 00:32:52.0257 3872	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/08/16 00:32:52.0382 3872	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/08/16 00:32:52.0523 3872	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/08/16 00:32:52.0632 3872	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/16 00:32:52.0725 3872	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/16 00:32:52.0866 3872	Avc             (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/08/16 00:32:52.0944 3872	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/08/16 00:32:53.0084 3872	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/16 00:32:53.0193 3872	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/16 00:32:53.0287 3872	BCM43XV         (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/16 00:32:53.0365 3872	BCM43XX         (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/16 00:32:53.0505 3872	bcm4sbxp        (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/08/16 00:32:53.0615 3872	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/16 00:32:53.0849 3872	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/16 00:32:53.0927 3872	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/16 00:32:54.0005 3872	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/16 00:32:54.0161 3872	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/16 00:32:54.0239 3872	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/16 00:32:54.0317 3872	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/16 00:32:54.0379 3872	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/16 00:32:54.0535 3872	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/16 00:32:54.0644 3872	BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/16 00:32:54.0738 3872	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/16 00:32:54.0909 3872	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/08/16 00:32:55.0034 3872	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/16 00:32:55.0175 3872	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/16 00:32:55.0284 3872	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/16 00:32:55.0377 3872	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/08/16 00:32:55.0533 3872	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/16 00:32:55.0658 3872	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/16 00:32:55.0736 3872	cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2011/08/16 00:32:55.0861 3872	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/16 00:32:55.0939 3872	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/08/16 00:32:56.0001 3872	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/08/16 00:32:56.0126 3872	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/16 00:32:56.0282 3872	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/16 00:32:56.0391 3872	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/16 00:32:56.0516 3872	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/16 00:32:56.0672 3872	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/16 00:32:56.0797 3872	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/16 00:32:56.0891 3872	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/08/16 00:32:57.0078 3872	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/16 00:32:57.0187 3872	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/16 00:32:57.0265 3872	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/16 00:32:57.0421 3872	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/16 00:32:57.0468 3872	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/16 00:32:57.0561 3872	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/16 00:32:57.0702 3872	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/16 00:32:57.0780 3872	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/16 00:32:57.0873 3872	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/16 00:32:58.0061 3872	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/16 00:32:58.0185 3872	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/16 00:32:58.0248 3872	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/16 00:32:58.0326 3872	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/16 00:32:58.0435 3872	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/16 00:32:58.0544 3872	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/08/16 00:32:58.0669 3872	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/16 00:32:58.0825 3872	HSF_DPV         (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/08/16 00:32:58.0981 3872	HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/08/16 00:32:59.0121 3872	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/16 00:32:59.0231 3872	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/08/16 00:32:59.0340 3872	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/16 00:32:59.0527 3872	ialm            (5f43e40c46d98e5e1e7d8a77d7bbf738) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/16 00:32:59.0636 3872	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/08/16 00:32:59.0792 3872	igfx            (5f43e40c46d98e5e1e7d8a77d7bbf738) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/16 00:32:59.0933 3872	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/16 00:33:00.0057 3872	intelide        (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2011/08/16 00:33:00.0151 3872	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/16 00:33:00.0291 3872	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/16 00:33:00.0447 3872	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/16 00:33:00.0525 3872	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/16 00:33:00.0681 3872	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/16 00:33:00.0775 3872	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/08/16 00:33:00.0931 3872	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/16 00:33:01.0056 3872	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/16 00:33:01.0149 3872	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/16 00:33:01.0243 3872	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/16 00:33:01.0461 3872	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/16 00:33:01.0571 3872	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/16 00:33:01.0680 3872	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/16 00:33:01.0789 3872	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/16 00:33:01.0945 3872	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/16 00:33:02.0023 3872	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/16 00:33:02.0117 3872	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/16 00:33:02.0226 3872	MBAMProtector   (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/08/16 00:33:02.0351 3872	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/16 00:33:02.0444 3872	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/08/16 00:33:02.0553 3872	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/16 00:33:02.0678 3872	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/16 00:33:02.0725 3872	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/16 00:33:02.0803 3872	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/16 00:33:02.0912 3872	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/16 00:33:03.0006 3872	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/08/16 00:33:03.0099 3872	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/16 00:33:03.0209 3872	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/16 00:33:03.0333 3872	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/16 00:33:03.0411 3872	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/16 00:33:03.0489 3872	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/16 00:33:03.0552 3872	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/16 00:33:03.0614 3872	msahci          (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/08/16 00:33:03.0739 3872	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/08/16 00:33:03.0879 3872	MSDV            (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/08/16 00:33:03.0989 3872	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/16 00:33:04.0098 3872	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/16 00:33:04.0191 3872	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/16 00:33:04.0301 3872	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/16 00:33:04.0347 3872	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/16 00:33:04.0488 3872	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/16 00:33:04.0550 3872	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/16 00:33:04.0628 3872	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/16 00:33:04.0706 3872	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/16 00:33:04.0831 3872	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/16 00:33:04.0956 3872	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/16 00:33:05.0065 3872	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/16 00:33:05.0174 3872	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/16 00:33:05.0283 3872	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/16 00:33:05.0377 3872	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/16 00:33:05.0502 3872	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/16 00:33:05.0580 3872	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/16 00:33:05.0705 3872	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/16 00:33:05.0861 3872	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/16 00:33:05.0939 3872	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/16 00:33:06.0063 3872	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/16 00:33:06.0204 3872	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/16 00:33:06.0297 3872	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/16 00:33:06.0391 3872	nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
2011/08/16 00:33:06.0500 3872	nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/08/16 00:33:06.0578 3872	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/08/16 00:33:06.0812 3872	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/16 00:33:06.0937 3872	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/16 00:33:07.0062 3872	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/16 00:33:07.0109 3872	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/16 00:33:07.0249 3872	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/16 00:33:07.0358 3872	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/16 00:33:07.0452 3872	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/16 00:33:07.0577 3872	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/16 00:33:07.0826 3872	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/16 00:33:07.0935 3872	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/08/16 00:33:08.0076 3872	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/16 00:33:08.0169 3872	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/08/16 00:33:08.0279 3872	QCDonner        (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
2011/08/16 00:33:08.0497 3872	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/08/16 00:33:08.0637 3872	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/16 00:33:08.0793 3872	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/16 00:33:08.0903 3872	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/16 00:33:08.0981 3872	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/16 00:33:09.0121 3872	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/16 00:33:09.0215 3872	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/16 00:33:09.0308 3872	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/16 00:33:09.0386 3872	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/16 00:33:09.0527 3872	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/08/16 00:33:09.0605 3872	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/16 00:33:09.0714 3872	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/16 00:33:09.0870 3872	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/16 00:33:09.0995 3872	rimmptsk        (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/08/16 00:33:10.0073 3872	rimsptsk        (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/08/16 00:33:10.0151 3872	rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/08/16 00:33:10.0260 3872	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/16 00:33:10.0385 3872	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/16 00:33:10.0541 3872	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/16 00:33:10.0603 3872	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/16 00:33:10.0712 3872	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/16 00:33:10.0837 3872	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/16 00:33:10.0946 3872	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/16 00:33:11.0071 3872	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/16 00:33:11.0180 3872	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/16 00:33:11.0305 3872	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/16 00:33:11.0367 3872	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/16 00:33:11.0445 3872	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/08/16 00:33:11.0570 3872	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/08/16 00:33:11.0679 3872	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/08/16 00:33:11.0789 3872	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/16 00:33:11.0898 3872	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/16 00:33:12.0038 3872	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/16 00:33:12.0132 3872	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/16 00:33:12.0179 3872	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/16 00:33:12.0257 3872	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/08/16 00:33:12.0413 3872	STHDA           (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys
2011/08/16 00:33:12.0569 3872	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/16 00:33:12.0647 3872	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/16 00:33:12.0756 3872	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/16 00:33:12.0849 3872	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/16 00:33:12.0959 3872	SynTP           (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/16 00:33:13.0146 3872	Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/08/16 00:33:13.0255 3872	Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/16 00:33:13.0349 3872	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/16 00:33:13.0427 3872	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/16 00:33:13.0583 3872	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/16 00:33:13.0692 3872	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/16 00:33:13.0785 3872	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/16 00:33:13.0988 3872	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/16 00:33:14.0082 3872	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/16 00:33:14.0175 3872	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/08/16 00:33:14.0300 3872	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/16 00:33:14.0425 3872	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/16 00:33:14.0503 3872	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/08/16 00:33:14.0643 3872	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/16 00:33:14.0753 3872	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/16 00:33:14.0831 3872	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/16 00:33:15.0033 3872	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/08/16 00:33:15.0189 3872	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/16 00:33:15.0267 3872	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/16 00:33:15.0423 3872	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/16 00:33:15.0501 3872	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/16 00:33:15.0564 3872	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/08/16 00:33:15.0673 3872	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/16 00:33:15.0923 3872	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/16 00:33:16.0016 3872	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/16 00:33:16.0094 3872	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/16 00:33:16.0188 3872	usb_rndisx      (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/08/16 00:33:16.0313 3872	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/16 00:33:16.0422 3872	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/16 00:33:16.0484 3872	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/08/16 00:33:16.0578 3872	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/08/16 00:33:16.0671 3872	viaide          (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/08/16 00:33:16.0781 3872	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/16 00:33:16.0843 3872	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/16 00:33:16.0983 3872	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/16 00:33:17.0077 3872	Vsdatant        (c8f5455f43977580d489ce31178f4166) C:\Windows\system32\DRIVERS\vsdatant.sys
2011/08/16 00:33:17.0186 3872	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/08/16 00:33:17.0342 3872	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/16 00:33:17.0420 3872	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/16 00:33:17.0451 3872	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/16 00:33:17.0545 3872	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/08/16 00:33:17.0732 3872	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/16 00:33:17.0873 3872	winachsf        (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/16 00:33:18.0153 3872	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/16 00:33:18.0247 3872	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/16 00:33:18.0356 3872	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/16 00:33:18.0465 3872	XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/08/16 00:33:18.0637 3872	MBR (0x1B8)     (d83f94e05deced58921d4d8b25a861b7) \Device\Harddisk0\DR0
2011/08/16 00:33:18.0653 3872	Boot (0x1200)   (9d2fe628ac3e2911a2365fe75c792049) \Device\Harddisk0\DR0\Partition0
2011/08/16 00:33:18.0684 3872	Boot (0x1200)   (5e813d982fdabc23b031b99ccbd26941) \Device\Harddisk0\DR0\Partition1
2011/08/16 00:33:18.0715 3872	Boot (0x1200)   (d4b485e8076e4be2ae997fe66b3ee5a9) \Device\Harddisk0\DR0\Partition2
2011/08/16 00:33:18.0793 3872	Boot (0x1200)   (d82bc7e3ad0b26aa578d49408ca31e3f) \Device\Harddisk0\DR0\Partition3
2011/08/16 00:33:18.0824 3872	================================================================================
2011/08/16 00:33:18.0824 3872	Scan finished
2011/08/16 00:33:18.0824 3872	================================================================================
2011/08/16 00:33:18.0840 3688	Detected object count: 0
2011/08/16 00:33:18.0840 3688	Actual detected object count: 0
         

16.08.2011, 06:21 #10
cody29

After the Kaspersky scan I also ran Malwarebytes once more, I hope that was OK...:

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7474

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

16.08.2011 02:49:26
mbam-log-2011-08-16 (02-49-26).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 422956
Time elapsed: 2 hour(s), 10 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         

16.08.2011, 10:10 #11
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its content ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an authorized helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

16.08.2011, 17:06 #12
cody29

ComboFix run, here is the result:

the txt file is too big for the board, so it is zipped in the attachment:

(I have also replaced the user names with *)

17.08.2011, 09:20 #13
cosinus

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM please also make sure that you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or higher) please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (Should your firewall ask, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


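Both tools requested in the post above write plain-text logs, and two things in them routinely confuse readers. GMER lists the same SSDT hook twice: once under "SSDT" and once as a 4-byte change in ntkrnlpa.exe's .text section (labelled relative to the nearest export, KeSetEvent), whose bytes are simply the hook address in little-endian order. OSAM, on the other hand, prints every driver and autorun entry with equal weight. The Python script below is an added example, not part of this thread, of GMER, of OSAM or of any other tool named here. It correlates the two GMER sections and ranks OSAM entries by simple red flags: no publisher information, a path under a user's Temp/AppData directory (the classic location for a freshly dropped loader), and orphaned entries whose file is already gone. The sample input is constructed in the tools' output format; the entry "updater", the user "alice" and its Temp path are invented for illustration, and the scoring weights are my own heuristic, not a published scale.

```python
"""Triage helper for GMER and OSAM text logs.  Added example for this thread, not
part of GMER, OSAM or any other tool named here; the sample logs below are
constructed in the tools' output format, not captures from the poster's PC."""
import re
import struct

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)")
TEXT_RE = re.compile(r"^\.text\s+(\S+\s*\+\s*[0-9A-Fa-f]+)\s+[0-9A-Fa-f]{8}\s+(\d+) Bytes\s+(.*)$")
BYTES_RE = re.compile(r"\[([0-9A-Fa-f ,]+)\]")
GMER_SAMPLE = """\
SSDT            8AF4C076  ZwCreateSection
SSDT            8AF4C07B  ZwSetContextThread
SSDT            8AF4C017  ZwTerminateProcess
.text           ntkrnlpa.exe!KeSetEvent + 215  82AB2998 4 Bytes  [76, C0, F4, 8A]
.text           ntkrnlpa.exe!KeSetEvent + 56D  82AB2CF0 4 Bytes  [7B, C0, F4, 8A]
.text           ntkrnlpa.exe!KeSetEvent + 621  82AB2DA4 4 Bytes  [17, C0, F4, 8A] {POP SS; SAL AH, 0x8a}
.text           ntkrnlpa.exe!KeSetEvent + 700  82AB2E00 5 Bytes  JMP 8AF4D000
"""

def correlate_gmer(text):
    """Return (explained, unexplained).  On 32-bit Vista/7 the service table lies
    in the kernel's .text section, which GMER labels relative to the nearest
    export (KeSetEvent), so a hooked SSDT slot is also listed as a 4-byte '.text'
    change whose bytes are the hook address in little-endian order."""
    hooks = {m.group(1).upper(): m.group(2)            # hook address -> Zw* name
             for m in map(SSDT_RE.match, text.splitlines()) if m}
    explained, unexplained = {}, []                    # location -> (addr, Zw*) / manual review
    for line in text.splitlines():
        m = TEXT_RE.match(line)
        if not m:
            continue
        location, size, detail = m.group(1), int(m.group(2)), m.group(3)
        b = BYTES_RE.search(detail)
        if size == 4 and b:
            raw = bytes(int(x, 16) for x in b.group(1).split(","))
            addr = "%08X" % struct.unpack("<I", raw)[0]   # little-endian dword
            if addr in hooks:
                explained[location] = (addr, hooks[addr])
                continue
        unexplained.append((location, detail))
    return explained, unexplained

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"(?: \([^)]*\))? - (?:"(?P<pub>[^"]*)"|\?) - (?P<rest>.*)$')
NOTE_RE = re.compile(r"\s{2,}\((?P<note>[^)]*)\)\s*$")
PATH_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|sys|dll|cpl|job|lnk))"?(?:\s|$)', re.I)
TEMP_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\|\\AppData\\", re.I)
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files", "c:\\progra~1\\")
OSAM_SAMPLE = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"tvjbmonitor" - ? - C:\Program Files\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe  (File found, but it contains no detailed information)
"updater" - ? - C:\Users\alice\AppData\Local\Temp\0.31337.exe  (File found, but it contains no detailed information)
"""

def triage_osam(text):
    """Return entries with at least one red flag, highest score first.  Only lines
    that begin with a quoted entry name are parsed (drivers, Run keys, tasks)."""
    findings, section, location = [], "", ""
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif line.startswith("-----("):
            location = line.strip("- ()")
        m = ENTRY_RE.match(line)
        if not m or m.group("name").lower() == "desktop.ini":   # Startup-folder noise
            continue
        name, pub, rest = m.group("name"), m.group("pub"), m.group("rest")
        n = NOTE_RE.search(rest)
        note, rest = (n.group("note"), rest[:n.start()]) if n else ("", rest)
        p = PATH_RE.match(rest)
        path = p.group("path") if p else rest.strip()
        flags = []                                   # (points, reason); weights are a heuristic
        if pub is None:                              # OSAM found no company name
            flags.append((1, "no publisher/version info"))
        if TEMP_RE.search(path):                     # classic dropper location
            flags.append((3, "runs from a temp/profile directory"))
        if "File not found" in note:                 # dead entry, file already gone
            flags.append((0, "orphaned entry (file missing)"))
        elif not path.lower().startswith(SYSTEM_PREFIXES):
            flags.append((1, "outside Windows/Program Files"))
        if flags:
            findings.append({"section": section, "location": location, "name": name,
                             "path": path, "score": sum(p for p, _ in flags),
                             "reasons": [r for _, r in flags]})
    findings.sort(key=lambda f: -f["score"])         # stable: ties keep log order
    return findings

if __name__ == "__main__":
    explained, unexplained = correlate_gmer(GMER_SAMPLE)
    for loc, (addr, fn) in explained.items():
        print(f"{loc}: bytes = {addr} = SSDT hook on {fn} (same hook, not a second finding)")
    for loc, detail in unexplained:
        print(f"{loc}: {detail}  <- review manually")
    for f in triage_osam(OSAM_SAMPLE):
        print(f"[{f['score']}] {f['section']}/{f['name']}: {f['path']} ({'; '.join(f['reasons'])})")
```

To use it on a real log, replace the two sample strings with the contents of the saved GMER and OSAM .log files. A set of SSDT hooks that all sit within one small address range is typical of a security product's self-protection driver rather than of a rootkit, but the log alone does not identify the owning driver; the point of the correlation is only that the matching ".text" lines are not a second finding. What the script leaves unexplained (5-byte inline JMPs, patches that resolve to no listed hook) is what actually deserves a closer look, and orphaned OSAM entries are worth cleaning up even though they no longer execute anything.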
17.08.2011, 21:54 #14
cody29

Here are the 3 logs:

gmer

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-17 22:10:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH rev.0085001C
Running: occ2fw3p.exe; Driver: C:\Users\Mario\AppData\Local\Temp\uwddapow.sys


---- System - GMER 1.0.15 ----

SSDT            8AF4C076                                                                                                                ZwCreateSection
SSDT            8AF4C07B                                                                                                                ZwSetContextThread
SSDT            8AF4C017                                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                           82AB2998 4 Bytes  [76, C0, F4, 8A]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                           82AB2CF0 4 Bytes  [7B, C0, F4, 8A]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                           82AB2DA4 4 Bytes  [17, C0, F4, 8A] {POP SS; SAL AH, 0x8a}

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[924] ntdll.dll!LdrLoadDll                                                  77C993A8 5 Bytes  JMP 008F1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2840] USER32.dll!SetWindowLongA                                   76CDE7CD 5 Bytes  JMP 67E4EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2840] USER32.dll!SetWindowLongW                                   76CE13B4 5 Bytes  JMP 67E4ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2840] USER32.dll!GetWindowInfo                                    76CE428E 5 Bytes  JMP 67C65451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2840] USER32.dll!TrackPopupMenu                                   76CF14F3 5 Bytes  JMP 67C65A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edc7e35                                             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edc7e35@0021feaccd0c                                0x52 0xF2 0xEC 0xFC ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{3b4839a9-43ff-41da-9454-481170359c78}@Dhcpv6Iaid   268441982
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{3b4839a9-43ff-41da-9454-481170359c78}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{57814f84-816f-4e6a-8b38-9ccca407685a}@Dhcpv6Iaid   201333177
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{57814f84-816f-4e6a-8b38-9ccca407685a}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid   117445666
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bde49094-46d9-4ab6-b28f-0b41d91ce411}@Dhcpv6Iaid   151001470
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bde49094-46d9-4ab6-b28f-0b41d91ce411}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid   100668450
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State  0
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197edc7e35 (not active ControlSet)                         
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197edc7e35@0021feaccd0c                                    0x52 0xF2 0xEC 0xFC ...
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{3b4839a9-43ff-41da-9454-481170359c78}@Dhcpv6Iaid       268441982
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{3b4839a9-43ff-41da-9454-481170359c78}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{57814f84-816f-4e6a-8b38-9ccca407685a}@Dhcpv6Iaid       201333177
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{57814f84-816f-4e6a-8b38-9ccca407685a}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid       117445666
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{bde49094-46d9-4ab6-b28f-0b41d91ce411}@Dhcpv6Iaid       151001470
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{bde49094-46d9-4ab6-b28f-0b41d91ce411}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid       100668450
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State      0

---- EOF - GMER 1.0.15 ----
         

osam:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:27:37 on 17.08.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
"PLWMidiMap.cpl" - "Putzlowitsch" - C:\Windows\system32\PLWMidiMap.cpl
"stacgui.cpl" - "SigmaTel, Inc." - C:\Windows\system32\stacgui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"zlportio" (zlportio) - ? - E:\Download\ultrastardx-101a-full\zlportio.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{FCF608CF-5716-47C3-A1A8-991D873AF72B} "Delphi Context Menu Shell Extension Example" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - ? - C:\Program Files\Java\jre6\bin\jp2ssv.dll  (File not found)
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)
{FFFFFEF0-5B30-21D4-945D-000000000000} "{FFFFFEF0-5B30-21D4-945D-000000000000}" - ? - C:\PROGRA~1\STARDO~1\SDIEInt.dll  (File found, but it contains no detailed information)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
"QuickSet.lnk" - "Dell Inc" - C:\Program Files\Dell\QuickSet\quickset.exe  (Shortcut exists | File exists)
"WISO Mein Steuer-Sparbuch heute.lnk" - "Buhl Tax Service, Hannover" - E:\WISO\mshaktuell.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\Windows\system32\WLTRAY.exe
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ISUSPM Startup" - "Macrovision Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"tvjbmonitor" - ? - C:\Program Files\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe  (File found, but it contains no detailed information)

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor i320" - "CANON INC." - C:\Windows\system32\CNMLM47.DLL
"Canon BJ Language Monitor iP4300" - "CANON INC." - C:\Windows\system32\CNMLM86.DLL
"PDF reDirect Monitor" - ? - C:\Windows\system32\PDFreDirectMonNT.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c99216d0de5fa0)" (gupdate1c99216d0de5fa0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Roxion\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - ? - C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter  (File not found)
"TrueVector Internet Monitor" (vsmon) - "Check Point Software Technologies LTD" - C:\Windows\System32\ZoneLabs\vsmon.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
aswMBR:

Code:
ATTFilter
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-17 22:33:22
-----------------------------
22:33:22.814    OS Version: Windows 6.0.6002 Service Pack 2
22:33:22.814    Number of processors: 2 586 0xE0C
22:33:22.814    ComputerName: LAPTOP  UserName: ***
22:33:55.246    Initialize success
22:35:23.302    AVAST engine defs: 11081701
22:35:36.936    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:35:36.936    Disk 0 Vendor: FUJITSU_MHW2160BH 0085001C Size: 152627MB BusType: 3
22:35:38.964    Disk 0 MBR read successfully
22:35:38.964    Disk 0 MBR scan
22:35:38.980    Disk 0 unknown MBR code
22:35:38.980    Disk 0 scanning sectors +312576705
22:35:39.151    Disk 0 scanning C:\Windows\system32\drivers
22:35:56.187    Service scanning
22:35:57.825    Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
22:35:58.371    Modules scanning
22:36:05.859    Disk 0 trace - called modules:
22:36:05.874    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys ndis.sys USBPORT.SYS usbuhci.sys tcpip.sys NETIO.SYS intelppm.sys bcmwl6.sys dxgkrnl.sys igdkmd32.sys 
22:36:05.890    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855ee838]
22:36:05.890    3 CLASSPNP.SYS[889a98b3] -> nt!IofCallDriver -> [0x84a7f918]
22:36:05.905    5 acpi.sys[882956bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85408b98]
22:36:06.451    AVAST engine scan C:\Windows
22:36:13.939    AVAST engine scan C:\Windows\system32
22:39:16.194    AVAST engine scan C:\Windows\system32\drivers
22:39:30.109    AVAST engine scan C:\Users\***
22:45:44.481    AVAST engine scan C:\ProgramData
22:47:28.986    Scan finished successfully
22:49:05.032    Disk 0 MBR has been saved successfully to "E:\***\Desktop\MBR.dat"
22:49:05.032    The log file has been saved successfully to "E:\***\Desktop\aswMBR.txt"
         

Alt 17.08.2011, 22:02   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
22:35:38.980 Disk 0 unknown MBR code
We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly.
After the backup, start aswMBR again and click the FIXMBR button.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
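Added example, not from this thread and not from the authors of aswMBR or OTL: a small Python triage script that reads the two log formats quoted above (the aswMBR scan output and the autostart listing) and flags the lines a reviewer acts on: the `unknown MBR code` line, locked driver files, orphaned Run entries whose target is missing, and binaries with no vendor information launched from a user-writable directory such as `AppData\Local\Temp`. The sample log lines embedded in it are constructed, and the names `triage_aswmbr`, `triage_autoruns`, `summarize` and `Finding` are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample excerpts in the two log formats quoted in this thread
# (aswMBR output and an autostart/Run-key listing). Names and paths are made
# up for illustration, not copied from the poster's machine.
SAMPLE_ASWMBR = """\
22:35:38.964    Disk 0 MBR read successfully
22:35:38.964    Disk 0 MBR scan
22:35:38.980    Disk 0 unknown MBR code
22:35:56.187    Service scanning
22:35:57.825    Service Vsdatant C:\\Windows\\system32\\DRIVERS\\vsdatant.sys **LOCKED** 32
22:47:28.986    Scan finished successfully
"""

SAMPLE_AUTORUNS = """\
-----( HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run )-----
"avgnt" - "Avira GmbH" - "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
"updater" - ? - C:\\Users\\user\\AppData\\Local\\Temp\\0.1234.exe  (File found, but it contains no detailed information)
"OldTool" - ? - C:\\Program Files\\OldTool\\tool.exe  (File not found)
"""

ASWMBR_LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<msg>.*)$")
AUTORUN_LINE = re.compile(r'^"(?P<name>[^"]+)"\s+-\s+(?P<vendor>"[^"]*"|\?)\s+-\s+(?P<rest>.*)$')
# Directories from which a legitimate autostart entry is rarely launched.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\appdata\\roaming\\")


@dataclass
class Finding:
    severity: str   # "review" needs a human decision, "info" is a note
    source: str     # which log the finding came from
    detail: str


def triage_aswmbr(text: str) -> List[Finding]:
    """Flag the aswMBR lines that matter for an MBR rootkit check."""
    findings = []
    for line in text.splitlines():
        m = ASWMBR_LINE.match(line)
        if not m:
            continue
        ts, msg = m.group("ts"), m.group("msg")
        if "unknown MBR code" in msg:
            findings.append(Finding("review", "aswMBR",
                f"{ts} {msg}: boot code not recognised as a standard Windows MBR; "
                "back up data and compare with a known-good MBR before fixing"))
        elif "**LOCKED**" in msg:
            findings.append(Finding("info", "aswMBR",
                f"{ts} {msg}: driver file could not be opened for scanning "
                "(self-protecting security software does this too)"))
    return findings


def triage_autoruns(text: str) -> List[Finding]:
    """Flag autostart entries with missing files or unknown binaries in user-writable paths."""
    findings = []
    for line in text.splitlines():
        m = AUTORUN_LINE.match(line)
        if not m:
            continue
        name, vendor, rest = m.group("name"), m.group("vendor"), m.group("rest")
        if "(File not found)" in rest:
            findings.append(Finding("info", "autoruns",
                f'"{name}": orphaned entry, target file missing; safe to remove'))
        elif vendor == "?" and any(d in rest.lower() for d in USER_WRITABLE_DIRS):
            target = rest.split("  (")[0]
            findings.append(Finding("review", "autoruns",
                f'"{name}": no vendor information and launches from a user-writable '
                f"directory ({target}); inspect or quarantine"))
    return findings


def summarize(findings: List[Finding]) -> str:
    """One line per finding, most urgent first, for pasting into a reply."""
    order = {"review": 0, "info": 1}
    lines = [f"[{f.severity.upper()}] {f.source}: {f.detail}"
             for f in sorted(findings, key=lambda f: order[f.severity])]
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage_aswmbr(SAMPLE_ASWMBR) + triage_autoruns(SAMPLE_AUTORUNS)))
```

The `unknown MBR code` rule deliberately reports a review item rather than a verdict: aswMBR only says the boot code is not one it recognises, which covers both bootkits and legitimate non-standard boot managers, so the human step (back up, then decide whether to use FIXMBR) stays with the reviewer. The `**LOCKED**` rule is informational for the same reason: the locked file in the log above belongs to a firewall driver that protects itself, which is expected behaviour.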
