Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.08.2011, 10:20   #1
mattan75
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Hallo zusammen,

auch bei mir hat der Bundespolizei Trojaner zugeschlagen. Konnte mit Taskmanager einen Win7 Neustart im abgesicherten Modus erzwingen und mit Malwarebytes entfernen. Logs im Anhang.

OTL und GMER habe ich ausgeführt, Logs siehe unten. Leider hat OTL mir trotz mehrmaligem Versuch keine Extra.txt erstellt - mach ich etwas falsch?

Wäre sehr dankbar, falls mir jemand von euch helfen könnte, mein System auf weitere bestehende Infizierung zu prüfen - oder ist wirklich bereits alles sauber?


Vielen Dank im Voraus für eure Hilfe!!!

Sämtliche Malwarebytes Logs, die ich bestitze befinden sich im Anhang.

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 13.08.2011 09:44:05 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\*******\Desktop\Systembereinigung
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 778,31 Gb Free Space | 87,41% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 29,12 Gb Free Space | 72,81% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.28 19:58:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.28 09:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2011.04.27 18:01:13 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.22 14:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\Systembereinigung\OTL.exe
PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.06 17:17:27 | 000,234,784 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPrint\airprint.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.14 13:37:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.04.01 23:57:15 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.08 15:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
PRC - [2009.12.09 19:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2009.07.01 19:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\Systembereinigung\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009.07.01 19:03:26 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 19:58:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.28 13:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.04.27 18:01:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.02.06 17:17:27 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\AirPrint\Airprint.exe -- (AirPrint)
SRV - [2010.01.08 15:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv)
SRV - [2009.12.09 19:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 19:58:46 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:58:46 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.04.19 02:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011.04.19 02:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.03.14 17:15:58 | 001,115,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.12.04 12:33:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 18:20:05 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2010.03.29 20:20:26 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.01.07 10:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.03 12:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\NW1950.sys -- (NW1950)
DRV - [2009.10.13 14:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005.12.08 15:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Program Files\RemoteKeySrv\GENPORT.sys -- (genport)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.*******.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {338B4DFE-2E2C-4338-9E41-E176D497299E}:1.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.12 23:33:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.12 23:33:54 | 000,000,000 | ---D | M]
 
[2010.03.31 16:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions
[2010.03.31 16:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.08.05 22:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions
[2010.04.01 18:19:15 | 000,000,000 | ---D | M] (SplitCam Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{338B4DFE-2E2C-4338-9E41-E176D497299E}
[2011.07.16 19:41:56 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011.08.01 21:36:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.16 19:19:04 | 000,002,101 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\lmsewdbk.default\searchplugins\googlede.xml
[2011.06.23 12:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.07.16 19:41:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.07.16 19:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.07.16 19:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.07.16 19:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.07.16 19:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.17 12:51:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LMSEWDBK.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LMSEWDBK.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011.06.21 20:14:31 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.07.17 12:51:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.22 21:23:29 | 000,004,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.22 21:23:29 | 000,004,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.03.22 21:23:30 | 000,004,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.22 21:23:30 | 000,008,192 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.22 21:23:30 | 000,004,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.22 21:23:30 | 000,004,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.26 21:22:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.12 23:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\QuickTime
[2011.08.12 23:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.07.27 18:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011.07.27 18:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Yahoo! Messenger
[2011.07.25 21:33:51 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Apple Computer
[2011.07.25 21:33:51 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Apple Computer
[2011.07.25 21:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
[2011.07.25 21:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.07.25 21:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.07.25 21:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.07.25 20:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.07.24 23:16:08 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\VLC
[2011.07.24 15:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Google Earth
[2011.07.22 20:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.07.22 20:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011.07.17 12:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011.07.17 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Sasa
[2011.07.17 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Gyyqo
[2011.07.17 09:24:52 | 000,000,000 | ---D | C] -- C:\AULOGS
[2011.07.16 19:31:13 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.07.16 19:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.13 09:41:51 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.13 09:41:45 | 000,678,404 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_13_09_41_45_00004816.dmp
[2011.08.13 09:41:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.13 09:41:42 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.13 09:06:57 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.13 09:06:57 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.13 08:59:33 | 000,672,591 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_13_08_59_33_000045c6.dmp
[2011.08.13 08:58:32 | 000,000,020 | ---- | M] () -- C:\Users\*******\defogger_reenable
[2011.08.13 08:55:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.13 08:51:38 | 000,678,312 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_13_08_51_38_000052d0.dmp
[2011.08.12 23:56:03 | 000,673,046 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_12_23_56_03_00005abc.dmp
[2011.08.12 23:51:15 | 000,670,709 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_12_23_51_15_00006a56.dmp
[2011.08.12 23:48:09 | 000,679,345 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_12_23_48_09_00006a75.dmp
[2011.08.12 23:33:41 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.08.12 23:22:03 | 000,677,756 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_12_23_22_02_00009a99.dmp
[2011.08.11 22:36:59 | 000,655,284 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.11 22:36:59 | 000,616,866 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.11 22:36:59 | 000,129,824 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.11 22:36:59 | 000,106,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.11 22:22:36 | 000,678,388 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_11_22_22_36_0000a42a.dmp
[2011.08.11 19:52:51 | 000,670,848 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_11_19_52_51_000052ff.dmp
[2011.08.10 21:41:35 | 000,671,050 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_10_21_41_35_0000694c.dmp
[2011.08.10 20:25:16 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.10 19:27:34 | 000,675,328 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_10_19_27_34_000052d0.dmp
[2011.08.09 20:06:11 | 000,676,814 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_09_20_06_11_00005530.dmp
[2011.08.08 18:32:00 | 000,669,928 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_08_18_32_00_00006a65.dmp
[2011.08.07 09:08:49 | 000,679,827 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_07_09_08_49_000051e6.dmp
[2011.08.06 15:11:44 | 000,672,947 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_06_15_11_44_0000557e.dmp
[2011.08.05 17:47:02 | 000,672,604 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_05_17_47_02_00005169.dmp
[2011.08.04 22:22:49 | 000,675,979 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_04_22_22_49_000053aa.dmp
[2011.08.03 19:01:30 | 000,680,193 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_03_19_01_30_00005263.dmp
[2011.08.02 22:12:16 | 000,671,730 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_02_22_12_15_000054e2.dmp
[2011.08.01 21:35:13 | 000,682,147 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_01_21_35_13_000053e9.dmp
[2011.08.01 19:59:14 | 000,671,965 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_01_19_59_14_00005263.dmp
[2011.07.31 11:36:18 | 000,682,378 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_31_11_36_18_0000563a.dmp
[2011.07.30 11:15:48 | 000,680,304 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_30_11_15_48_00005234.dmp
[2011.07.29 20:10:13 | 000,673,301 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_29_20_10_12_00005494.dmp
[2011.07.28 20:39:26 | 000,673,562 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_28_20_39_26_0000531e.dmp
[2011.07.27 21:10:30 | 000,672,909 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_27_21_10_30_0000558e.dmp
[2011.07.27 17:37:42 | 000,673,967 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_27_17_37_42_0000555f.dmp
[2011.07.26 20:45:11 | 000,677,017 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_26_20_45_10_000058b9.dmp
[2011.07.26 18:23:42 | 000,671,601 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_26_18_23_42_000063ff.dmp
[2011.07.25 21:42:32 | 000,169,048 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011.07.25 21:33:47 | 000,001,717 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.25 21:29:07 | 000,678,790 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_25_21_29_06_0000643e.dmp
[2011.07.25 21:01:39 | 000,673,612 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_25_21_01_39_0000618f.dmp
[2011.07.25 20:46:29 | 000,675,776 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_25_20_46_29_00006e9a.dmp
[2011.07.25 19:54:18 | 000,675,876 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_25_19_54_18_00005772.dmp
[2011.07.24 22:42:38 | 000,672,705 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_24_22_42_38_000071b5.dmp
[2011.07.24 15:51:37 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.07.24 10:35:58 | 000,674,540 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_24_10_35_58_00005446.dmp
[2011.07.23 13:02:46 | 000,678,464 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_23_13_02_46_00005f2f.dmp
[2011.07.23 09:38:42 | 000,682,507 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_23_09_38_42_00006640.dmp
[2011.07.22 20:23:26 | 000,674,625 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_22_20_23_25_0000a4d6.dmp
[2011.07.22 20:23:15 | 000,471,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.22 19:58:50 | 000,677,347 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_22_19_58_50_000056e5.dmp
[2011.07.21 18:10:19 | 000,674,093 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_21_18_10_19_000056f5.dmp
[2011.07.19 07:54:18 | 000,682,673 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_19_07_54_18_00005456.dmp
[2011.07.18 21:41:14 | 000,675,385 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_18_21_41_14_00005d8a.dmp
[2011.07.18 20:58:26 | 000,682,116 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_18_20_58_26_00005965.dmp
[2011.07.18 18:27:07 | 000,673,122 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_18_18_27_07_00005704.dmp
[2011.07.17 18:56:42 | 000,679,637 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_18_56_42_00009c2f.dmp
[2011.07.17 09:42:54 | 000,676,376 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_09_42_54_00009bf0.dmp
[2011.07.17 09:38:30 | 000,672,769 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_09_38_30_0000538b.dmp
[2011.07.17 09:31:14 | 000,672,851 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_09_31_14_00005263.dmp
[2011.07.17 09:08:29 | 000,672,211 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_09_08_28_000060a5.dmp
[2011.07.17 00:03:35 | 000,676,399 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_00_03_35_00006ef7.dmp
[2011.07.16 23:55:39 | 000,679,556 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_23_55_39_00007712.dmp
[2011.07.16 23:50:45 | 000,671,711 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_23_50_45_000072de.dmp
[2011.07.16 23:29:20 | 000,675,763 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_23_29_20_0000533d.dmp
[2011.07.16 19:40:15 | 000,674,679 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_19_40_14_00005188.dmp
[2011.07.16 19:11:40 | 000,677,919 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_19_11_40_0000952d.dmp
[2011.07.16 18:56:18 | 000,673,634 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_18_56_17_0000a968.dmp
[2011.07.16 18:45:32 | 000,674,487 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_18_45_32_00007d88.dmp
[2011.07.14 19:03:38 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.07.14 19:03:38 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
 
========== Files Created - No Company Name ==========
 
[2011.08.13 09:41:45 | 000,678,404 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_13_09_41_45_00004816.dmp
[2011.08.13 08:59:33 | 000,672,591 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_13_08_59_33_000045c6.dmp
[2011.08.13 08:58:12 | 000,000,020 | ---- | C] () -- C:\Users\*******\defogger_reenable
[2011.08.13 08:51:38 | 000,678,312 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_13_08_51_38_000052d0.dmp
[2011.08.12 23:56:03 | 000,673,046 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_12_23_56_03_00005abc.dmp
[2011.08.12 23:51:15 | 000,670,709 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_12_23_51_15_00006a56.dmp
[2011.08.12 23:48:09 | 000,679,345 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_12_23_48_09_00006a75.dmp
[2011.08.12 23:33:41 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.08.12 23:22:02 | 000,677,756 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_12_23_22_02_00009a99.dmp
[2011.08.11 22:22:36 | 000,678,388 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_11_22_22_36_0000a42a.dmp
[2011.08.11 19:52:51 | 000,670,848 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_11_19_52_51_000052ff.dmp
[2011.08.10 21:41:35 | 000,671,050 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_10_21_41_35_0000694c.dmp
[2011.08.10 19:27:34 | 000,675,328 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_10_19_27_34_000052d0.dmp
[2011.08.09 20:06:11 | 000,676,814 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_09_20_06_11_00005530.dmp
[2011.08.08 18:32:00 | 000,669,928 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_08_18_32_00_00006a65.dmp
[2011.08.07 09:08:49 | 000,679,827 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_07_09_08_49_000051e6.dmp
[2011.08.06 15:11:44 | 000,672,947 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_06_15_11_44_0000557e.dmp
[2011.08.05 17:47:02 | 000,672,604 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_05_17_47_02_00005169.dmp
[2011.08.04 22:22:49 | 000,675,979 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_04_22_22_49_000053aa.dmp
[2011.08.03 19:01:30 | 000,680,193 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_03_19_01_30_00005263.dmp
[2011.08.02 22:12:15 | 000,671,730 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_02_22_12_15_000054e2.dmp
[2011.08.01 21:35:13 | 000,682,147 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_01_21_35_13_000053e9.dmp
[2011.08.01 19:59:14 | 000,671,965 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_01_19_59_14_00005263.dmp
[2011.07.31 11:36:18 | 000,682,378 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_31_11_36_18_0000563a.dmp
[2011.07.30 11:15:48 | 000,680,304 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_30_11_15_48_00005234.dmp
[2011.07.29 20:10:12 | 000,673,301 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_29_20_10_12_00005494.dmp
[2011.07.28 20:39:26 | 000,673,562 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_28_20_39_26_0000531e.dmp
[2011.07.27 21:10:30 | 000,672,909 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_27_21_10_30_0000558e.dmp
[2011.07.27 17:37:42 | 000,673,967 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_27_17_37_42_0000555f.dmp
[2011.07.26 20:45:10 | 000,677,017 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_26_20_45_10_000058b9.dmp
[2011.07.26 18:23:42 | 000,671,601 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_26_18_23_42_000063ff.dmp
[2011.07.25 21:42:32 | 000,169,048 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.07.25 21:33:47 | 000,001,717 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.25 21:29:06 | 000,678,790 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_25_21_29_06_0000643e.dmp
[2011.07.25 21:01:39 | 000,673,612 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_25_21_01_39_0000618f.dmp
[2011.07.25 20:50:39 | 000,001,552 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
[2011.07.25 20:46:29 | 000,675,776 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_25_20_46_29_00006e9a.dmp
[2011.07.25 19:54:18 | 000,675,876 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_25_19_54_18_00005772.dmp
[2011.07.24 22:42:38 | 000,672,705 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_24_22_42_38_000071b5.dmp
[2011.07.24 15:51:37 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.07.24 10:35:58 | 000,674,540 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_24_10_35_58_00005446.dmp
[2011.07.23 13:02:46 | 000,678,464 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_23_13_02_46_00005f2f.dmp
[2011.07.23 09:38:42 | 000,682,507 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_23_09_38_42_00006640.dmp
[2011.07.22 20:23:25 | 000,674,625 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_22_20_23_25_0000a4d6.dmp
[2011.07.22 19:58:50 | 000,677,347 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_22_19_58_50_000056e5.dmp
[2011.07.21 18:10:19 | 000,674,093 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_21_18_10_19_000056f5.dmp
[2011.07.19 07:54:18 | 000,682,673 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_19_07_54_18_00005456.dmp
[2011.07.18 21:41:14 | 000,675,385 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_18_21_41_14_00005d8a.dmp
[2011.07.18 20:58:26 | 000,682,116 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_18_20_58_26_00005965.dmp
[2011.07.18 18:27:07 | 000,673,122 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_18_18_27_07_00005704.dmp
[2011.07.17 18:56:42 | 000,679,637 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_18_56_42_00009c2f.dmp
[2011.07.17 12:08:39 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.07.17 12:08:39 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.07.17 12:08:39 | 000,001,838 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.07.17 09:42:54 | 000,676,376 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_09_42_54_00009bf0.dmp
[2011.07.17 09:38:30 | 000,672,769 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_09_38_30_0000538b.dmp
[2011.07.17 09:31:14 | 000,672,851 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_09_31_14_00005263.dmp
[2011.07.17 09:08:28 | 000,672,211 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_09_08_28_000060a5.dmp
[2011.07.17 00:03:35 | 000,676,399 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_00_03_35_00006ef7.dmp
[2011.07.16 23:55:39 | 000,679,556 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_23_55_39_00007712.dmp
[2011.07.16 23:50:45 | 000,671,711 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_23_50_45_000072de.dmp
[2011.07.16 23:29:20 | 000,675,763 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_23_29_20_0000533d.dmp
[2011.07.16 19:40:14 | 000,674,679 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_19_40_14_00005188.dmp
[2011.07.16 19:11:40 | 000,677,919 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_19_11_40_0000952d.dmp
[2011.07.16 18:56:17 | 000,673,634 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_18_56_17_0000a968.dmp
[2011.07.16 18:45:32 | 000,674,487 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_18_45_32_00007d88.dmp
[2011.04.21 22:53:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.21 22:53:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.21 22:53:54 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.21 22:53:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.21 22:53:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.21 22:38:47 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.04.21 20:28:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.21 20:28:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.05 22:10:18 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ4809N.DAT
[2010.12.05 11:27:04 | 025,989,120 | ---- | C] () -- C:\Users\*******\AppData\Local\AuGTU.mp4
[2010.10.17 13:31:26 | 065,169,605 | ---- | C] () -- C:\Program Files\altu.flv
[2010.05.15 18:35:36 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.05.13 18:04:27 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2010.04.18 10:44:54 | 000,003,584 | ---- | C] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.01 18:34:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.30 01:46:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010.03.30 00:15:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.03.29 21:27:29 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010.01.10 07:44:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.01.08 10:39:19 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.01.08 10:05:02 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010.01.08 10:05:02 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.01.08 09:57:53 | 000,013,224 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010.01.07 10:22:31 | 000,007,648 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001416BE_ca.bin
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001316BE_ca.bin
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001216BE_ca.bin
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.12.03 00:50:04 | 000,041,808 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2009.12.03 00:50:00 | 000,330,344 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.11.14 20:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.11.14 20:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009.11.14 20:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009.10.29 12:20:42 | 008,824,824 | ---- | C] () -- C:\Windows\System32\drivers\NWTransLib.sys
[2009.10.29 12:20:38 | 000,022,392 | ---- | C] () -- C:\Windows\System32\drivers\NW1950.sys
[2009.08.11 23:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,655,284 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,129,824 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,471,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,866 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,048 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.06.04 06:53:14 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== LOP Check ==========
 
[2010.10.31 15:57:43 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\calibre
[2011.04.05 22:20:39 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Canon
[2010.04.12 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\CD-LabelPrint
[2011.07.10 23:34:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite
[2011.06.12 18:08:09 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Dropbox
[2011.01.24 00:24:04 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\GrabPro
[2011.07.18 20:59:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Gyyqo
[2010.10.02 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ICQ
[2011.01.24 00:36:37 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Orbit
[2011.07.16 19:41:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PowerCinema
[2011.01.23 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ProgSense
[2011.07.17 12:45:09 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Sasa
[2010.03.31 16:53:54 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TomTom
[2010.09.19 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TrueCrypt
[2011.06.28 21:38:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.06.09 22:22:32 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.07.17 09:25:08 | 000,000,000 | ---D | M] -- C:\AULOGS
[2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.01.23 20:00:33 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.01.08 09:32:52 | 000,000,000 | ---D | M] -- C:\Intel
[2010.03.29 21:11:59 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.08.12 23:33:29 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.07.27 18:26:49 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.26 21:24:18 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.03.29 17:21:22 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.08.11 22:34:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.16 19:42:38 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.13 09:44:14 | 000,000,000 | ---D | M] -- C:\Windows
[2011.04.25 17:05:32 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-11 20:38:55
 
<           >

< End of report >
         
GMER.txt:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-08-13 09:36:22
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0
Running: g2m3e4r.exe; Driver: C:\Users\*******\AppData\Local\Temp\fwldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                         83293349 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                832CCD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            peauth.sys                                                                                            9E36DBEC 111 Bytes  JMP 4666CA22 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000090                                                                       bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000090                                                                       bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000092                                                                       bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000092                                                                       bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\0000004d                                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6033cb2                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                   0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                   0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0xA2 0xC4 0x49 0xF4 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6033cb2 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                       0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                       0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0xA2 0xC4 0x49 0xF4 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                 
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS                 0DCA2D38AAC82F9F01ADBA02A26CA80B243744DB67F39D5C2552B2957B163C93D291408F77FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794BA7FD869164D67944DC90C7E176435D7B5884736BF660771E6ECE2E676DBF6615D3516A2E81587361B530287B0EB3174CB9DB73ED93807A228050085B34FADDA386087557B1727F5E048C48C4A2AE8BEBB7DBCAA5C0CC63944E896A62765277959A4F545BBDB918A0513B00C7CF38165998BCBBF9E7F12F39E17CD6F8426752C8EB65F18DA74BD3462423ACF947E751A6DCFEB032B9188968BADE34731F97A681AEFD437BCD17239C889E85F95E51293B4763940BF271BE753732A5ACA2D6EA6B04FFE4E79CACDE3F9BFD78934A9788DDDCEE506508892363450841920F25DE37DF596D05E194080AEDF3561D9AE1F464ECC34A801E3884D5ED2EE3735DF27211EA9E9716BDB0DE01008C5BCA33ACF005B097D3FAE46EB05F6A974AD416D7EE124D45B2B5594CF5C3EFB61B46379A802D4BEADA3E7A70032972C37382FF86CAE1706E1B904AAF2C9CCA170A820791B16F74EC3F46C5EDA30CCD06C569EC34C95EFED86209568380AC085F4B990306D8BF93CD698B526E7E097365CCB6474CDA61DE16921597BB47B1754024F2474B7B5022E0

---- Files - GMER 1.0.15 ----

File            C:\Windows\assembly\NativeImages_v2.0.50727_32\index677.dat                                           0 bytes
File            C:\Windows\assembly\NativeImages_v2.0.50727_32\index678.dat                                           0 bytes
File            C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C8A.tmp                                       0 bytes

---- EOF - GMER 1.0.15 ----
         
Angehängte Dateien
Dateityp: zip Logs.zip (11,0 KB, 88x aufgerufen)

Alt 15.08.2011, 20:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 15.08.2011, 22:47   #3
mattan75
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Hi Cosinus und danke, dass du dich meiner Sache annimmst!

Hatte bereits in anderen Beiträgen verfolgt, dass du ESET zusätzlich ausführen lässt, deshalb habe ich das gestern bereits getan. Hier das Log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e6ce57954b9ace438df795995c2c5a66
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-14 01:41:55
# local_time=2011-08-14 03:41:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 237851 49863700 64795 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 2485135 64954435 0 0
# compatibility_mode=8192 67108863 100 0 261 261 0 0
# scanned=161210
# found=1
# cleaned=0
# scan_time=6071
C:\Users\*******\Downloads\cole2k.media.-.codec.pack.v7.9.1.-advanced-.setup.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
         
Plus ein zusätzlicher Vollscan mit Malwarebytes (da ich zunächst nur einen Quickscan durchgeführt hatte):

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7466

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

14.08.2011 20:47:12
mbam-log-2011-08-14 (20-47-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 327374
Laufzeit: 44 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
__________________

Alt 16.08.2011, 10:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.08.2011, 19:40   #5
mattan75
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Code:
ATTFilter
2011/08/16 19:39:22.0402 6028	TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/16 19:39:22.0625 6028	================================================================================
2011/08/16 19:39:22.0626 6028	SystemInfo:
2011/08/16 19:39:22.0626 6028	
2011/08/16 19:39:22.0626 6028	OS Version: 6.1.7601 ServicePack: 1.0
2011/08/16 19:39:22.0626 6028	Product type: Workstation
2011/08/16 19:39:22.0626 6028	ComputerName: DESKTOP
2011/08/16 19:39:22.0626 6028	UserName: *******
2011/08/16 19:39:22.0626 6028	Windows directory: C:\Windows
2011/08/16 19:39:22.0626 6028	System windows directory: C:\Windows
2011/08/16 19:39:22.0626 6028	Processor architecture: Intel x86
2011/08/16 19:39:22.0626 6028	Number of processors: 2
2011/08/16 19:39:22.0626 6028	Page size: 0x1000
2011/08/16 19:39:22.0626 6028	Boot type: Normal boot
2011/08/16 19:39:22.0626 6028	================================================================================
2011/08/16 19:39:23.0031 6028	Initialize success
2011/08/16 19:39:46.0634 5652	================================================================================
2011/08/16 19:39:46.0634 5652	Scan started
2011/08/16 19:39:46.0634 5652	Mode: Manual; 
2011/08/16 19:39:46.0634 5652	================================================================================
2011/08/16 19:39:46.0991 5652	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/08/16 19:39:47.0039 5652	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/08/16 19:39:47.0077 5652	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/08/16 19:39:47.0125 5652	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/16 19:39:47.0152 5652	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/16 19:39:47.0181 5652	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/16 19:39:47.0235 5652	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/08/16 19:39:47.0264 5652	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/08/16 19:39:47.0292 5652	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/16 19:39:47.0345 5652	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/08/16 19:39:47.0361 5652	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/08/16 19:39:47.0381 5652	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/08/16 19:39:47.0403 5652	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/16 19:39:47.0423 5652	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/16 19:39:47.0444 5652	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/08/16 19:39:47.0507 5652	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/16 19:39:47.0528 5652	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/08/16 19:39:47.0609 5652	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/08/16 19:39:47.0649 5652	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/16 19:39:47.0669 5652	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/16 19:39:47.0721 5652	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/16 19:39:47.0744 5652	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/08/16 19:39:47.0784 5652	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/16 19:39:47.0869 5652	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/16 19:39:47.0927 5652	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/16 19:39:47.0949 5652	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/16 19:39:48.0022 5652	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/16 19:39:48.0054 5652	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/16 19:39:48.0129 5652	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/16 19:39:48.0152 5652	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/16 19:39:48.0172 5652	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/16 19:39:48.0201 5652	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/16 19:39:48.0220 5652	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/16 19:39:48.0263 5652	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/16 19:39:48.0296 5652	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/16 19:39:48.0336 5652	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
2011/08/16 19:39:48.0353 5652	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/16 19:39:48.0374 5652	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/16 19:39:48.0414 5652	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
2011/08/16 19:39:48.0452 5652	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
2011/08/16 19:39:48.0473 5652	btusbflt        (92c5b845803f3662637eb691ac0b250f) C:\Windows\system32\drivers\btusbflt.sys
2011/08/16 19:39:48.0496 5652	btwaudio        (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
2011/08/16 19:39:48.0532 5652	btwavdt         (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
2011/08/16 19:39:48.0560 5652	btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/08/16 19:39:48.0583 5652	btwrchid        (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/08/16 19:39:48.0707 5652	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/16 19:39:48.0749 5652	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/08/16 19:39:48.0775 5652	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/16 19:39:48.0819 5652	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/16 19:39:48.0867 5652	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/16 19:39:48.0888 5652	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/08/16 19:39:48.0922 5652	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/16 19:39:48.0942 5652	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/16 19:39:48.0977 5652	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/16 19:39:49.0002 5652	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/16 19:39:49.0065 5652	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/08/16 19:39:49.0098 5652	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/16 19:39:49.0118 5652	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/16 19:39:49.0177 5652	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/16 19:39:49.0220 5652	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/16 19:39:49.0353 5652	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/16 19:39:49.0469 5652	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/16 19:39:49.0505 5652	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/08/16 19:39:49.0551 5652	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/16 19:39:49.0583 5652	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/16 19:39:49.0606 5652	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/16 19:39:49.0646 5652	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/16 19:39:49.0675 5652	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/16 19:39:49.0709 5652	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/16 19:39:49.0741 5652	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/16 19:39:49.0790 5652	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/16 19:39:49.0811 5652	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/16 19:39:49.0857 5652	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/16 19:39:49.0874 5652	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/16 19:39:49.0938 5652	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/16 19:39:49.0992 5652	genport         (c1049f3d658f33d0d64cc48b0dcccf08) C:\Program Files\RemoteKeySrv\GenPort.sys
2011/08/16 19:39:50.0040 5652	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/16 19:39:50.0079 5652	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/08/16 19:39:50.0116 5652	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/16 19:39:50.0135 5652	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/16 19:39:50.0161 5652	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/16 19:39:50.0181 5652	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/16 19:39:50.0227 5652	hidkmdf         (1fab2540c1bd6da847ccd292f4eee48a) C:\Windows\system32\DRIVERS\hidkmdf.sys
2011/08/16 19:39:50.0275 5652	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/08/16 19:39:50.0314 5652	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/16 19:39:50.0367 5652	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/08/16 19:39:50.0393 5652	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/16 19:39:50.0420 5652	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/08/16 19:39:50.0451 5652	iaStor          (5a6c5876fb84418d08d67b8caed5efcf) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/16 19:39:50.0489 5652	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/08/16 19:39:50.0514 5652	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/16 19:39:50.0627 5652	IntcAzAudAddService (ba9a1f572d1a91559e6e76504cfd381c) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/16 19:39:50.0667 5652	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/08/16 19:39:50.0711 5652	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/16 19:39:50.0747 5652	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/16 19:39:50.0771 5652	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/16 19:39:50.0802 5652	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/08/16 19:39:50.0850 5652	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/08/16 19:39:50.0877 5652	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/08/16 19:39:50.0902 5652	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/08/16 19:39:50.0920 5652	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/08/16 19:39:50.0945 5652	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/08/16 19:39:50.0986 5652	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/16 19:39:51.0004 5652	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/16 19:39:51.0134 5652	Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/08/16 19:39:51.0166 5652	Lbd             (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/08/16 19:39:51.0199 5652	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/16 19:39:51.0254 5652	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/16 19:39:51.0284 5652	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/16 19:39:51.0301 5652	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/16 19:39:51.0323 5652	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/16 19:39:51.0384 5652	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/08/16 19:39:51.0421 5652	MBAMProtector   (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/08/16 19:39:51.0453 5652	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/16 19:39:51.0476 5652	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/16 19:39:51.0507 5652	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/08/16 19:39:51.0533 5652	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/16 19:39:51.0554 5652	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/08/16 19:39:51.0603 5652	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/16 19:39:51.0630 5652	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/08/16 19:39:51.0659 5652	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/08/16 19:39:51.0681 5652	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/16 19:39:51.0731 5652	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/08/16 19:39:51.0766 5652	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/16 19:39:51.0817 5652	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/16 19:39:51.0836 5652	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/16 19:39:51.0859 5652	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/08/16 19:39:51.0894 5652	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/08/16 19:39:51.0936 5652	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/08/16 19:39:51.0971 5652	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/16 19:39:51.0987 5652	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/08/16 19:39:52.0034 5652	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/16 19:39:52.0050 5652	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/16 19:39:52.0071 5652	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/08/16 19:39:52.0104 5652	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/08/16 19:39:52.0135 5652	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/08/16 19:39:52.0152 5652	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/08/16 19:39:52.0192 5652	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/16 19:39:52.0225 5652	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/08/16 19:39:52.0261 5652	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/16 19:39:52.0321 5652	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/08/16 19:39:52.0346 5652	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/16 19:39:52.0364 5652	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/16 19:39:52.0405 5652	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/16 19:39:52.0450 5652	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/16 19:39:52.0470 5652	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/08/16 19:39:52.0506 5652	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/16 19:39:52.0548 5652	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/16 19:39:52.0639 5652	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/16 19:39:52.0671 5652	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/08/16 19:39:52.0708 5652	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/16 19:39:52.0765 5652	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/08/16 19:39:52.0791 5652	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/08/16 19:39:52.0834 5652	NVHDA           (eff6795cdacb959d1ab89eb9b9c29b57) C:\Windows\system32\drivers\nvhda32v.sys
2011/08/16 19:39:53.0035 5652	nvlddmkm        (50c1b2dd2a5b3ed82c6e4683c4ad58b8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/16 19:39:53.0216 5652	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/08/16 19:39:53.0252 5652	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/08/16 19:39:53.0286 5652	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/08/16 19:39:53.0306 5652	NW1950          (f1a718c6c6cd3edf157fa3d459adfef7) C:\Windows\system32\DRIVERS\NW1950.sys
2011/08/16 19:39:53.0355 5652	NxpCap          (953e08d5ca0b02697a8145aaa0ca28be) C:\Windows\system32\DRIVERS\NxpCap.sys
2011/08/16 19:39:53.0401 5652	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/08/16 19:39:53.0479 5652	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/08/16 19:39:53.0508 5652	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/08/16 19:39:53.0533 5652	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/16 19:39:53.0568 5652	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/08/16 19:39:53.0597 5652	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/08/16 19:39:53.0615 5652	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/16 19:39:53.0645 5652	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/08/16 19:39:53.0681 5652	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/08/16 19:39:53.0777 5652	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/16 19:39:53.0798 5652	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/08/16 19:39:53.0836 5652	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/16 19:39:53.0884 5652	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/16 19:39:53.0914 5652	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/16 19:39:53.0939 5652	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/16 19:39:53.0971 5652	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/16 19:39:53.0997 5652	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/16 19:39:54.0034 5652	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/16 19:39:54.0064 5652	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/16 19:39:54.0093 5652	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/16 19:39:54.0137 5652	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/16 19:39:54.0164 5652	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/16 19:39:54.0203 5652	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/16 19:39:54.0255 5652	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/16 19:39:54.0295 5652	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/16 19:39:54.0336 5652	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/08/16 19:39:54.0374 5652	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/08/16 19:39:54.0434 5652	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/16 19:39:54.0494 5652	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/16 19:39:54.0535 5652	RSUSBSTOR       (b87f999e05dd9c0312c83a8752e8e66b) C:\Windows\System32\Drivers\RtsUStor.sys
2011/08/16 19:39:54.0573 5652	RTL8167         (e099d23ee1bbce0cf5745f811f3b1882) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/08/16 19:39:54.0626 5652	rtl8192se       (6f1b128cbe1e8d73b0a6be6537c0ecf8) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/08/16 19:39:54.0662 5652	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/08/16 19:39:54.0697 5652	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/16 19:39:54.0730 5652	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/16 19:39:54.0781 5652	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/16 19:39:54.0815 5652	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/16 19:39:54.0845 5652	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/16 19:39:54.0896 5652	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/08/16 19:39:54.0921 5652	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/16 19:39:54.0940 5652	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/16 19:39:54.0961 5652	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/16 19:39:54.0993 5652	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/08/16 19:39:55.0014 5652	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/16 19:39:55.0037 5652	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/16 19:39:55.0076 5652	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/16 19:39:55.0121 5652	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/16 19:39:55.0143 5652	SPLITCAM        (c7c361a04742ab187e10583bbf4fa975) C:\Windows\system32\DRIVERS\splitcam.sys
2011/08/16 19:39:55.0222 5652	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/08/16 19:39:55.0354 5652	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/08/16 19:39:55.0395 5652	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/16 19:39:55.0436 5652	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/16 19:39:55.0492 5652	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/08/16 19:39:55.0517 5652	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/16 19:39:55.0549 5652	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/08/16 19:39:55.0637 5652	Tcpip           (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
2011/08/16 19:39:55.0677 5652	TCPIP6          (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/16 19:39:55.0728 5652	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/16 19:39:55.0756 5652	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/08/16 19:39:55.0782 5652	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/08/16 19:39:55.0811 5652	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/16 19:39:55.0842 5652	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/08/16 19:39:55.0920 5652	truecrypt       (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
2011/08/16 19:39:55.0964 5652	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/16 19:39:56.0005 5652	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/16 19:39:56.0042 5652	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/16 19:39:56.0064 5652	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/16 19:39:56.0101 5652	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/16 19:39:56.0137 5652	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/16 19:39:56.0177 5652	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/08/16 19:39:56.0202 5652	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/16 19:39:56.0248 5652	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/16 19:39:56.0292 5652	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/16 19:39:56.0314 5652	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/08/16 19:39:56.0359 5652	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/16 19:39:56.0399 5652	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/16 19:39:56.0426 5652	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/08/16 19:39:56.0454 5652	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/16 19:39:56.0488 5652	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/16 19:39:56.0520 5652	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/08/16 19:39:56.0546 5652	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/16 19:39:56.0570 5652	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/16 19:39:56.0607 5652	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/16 19:39:56.0639 5652	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/16 19:39:56.0656 5652	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/08/16 19:39:56.0678 5652	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/08/16 19:39:56.0702 5652	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/08/16 19:39:56.0723 5652	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/08/16 19:39:56.0757 5652	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/08/16 19:39:56.0785 5652	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/08/16 19:39:56.0813 5652	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/08/16 19:39:56.0841 5652	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/08/16 19:39:56.0861 5652	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/16 19:39:56.0889 5652	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/16 19:39:56.0925 5652	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/16 19:39:56.0961 5652	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/16 19:39:56.0991 5652	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/16 19:39:57.0030 5652	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/16 19:39:57.0046 5652	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/16 19:39:57.0100 5652	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/08/16 19:39:57.0139 5652	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/16 19:39:57.0201 5652	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/16 19:39:57.0273 5652	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/08/16 19:39:57.0347 5652	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/16 19:39:57.0380 5652	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/16 19:39:57.0428 5652	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/16 19:39:57.0479 5652	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/08/16 19:39:57.0533 5652	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/16 19:39:57.0582 5652	X10Hid          (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
2011/08/16 19:39:57.0615 5652	XUIF            (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys
2011/08/16 19:39:57.0683 5652	MBR (0x1B8)     (c79b30cb8852157f6f908e4698cfe0d0) \Device\Harddisk0\DR0
2011/08/16 19:39:57.0763 5652	Boot (0x1200)   (4b3bed5cba1fbf9c0f88f5c8173e51e1) \Device\Harddisk0\DR0\Partition0
2011/08/16 19:39:57.0790 5652	Boot (0x1200)   (7f2cd5d1042bf803298035bdc681c496) \Device\Harddisk0\DR0\Partition1
2011/08/16 19:39:57.0829 5652	Boot (0x1200)   (47f4c99eb5f18ec36bebe2501645e7a3) \Device\Harddisk0\DR0\Partition2
2011/08/16 19:39:57.0835 5652	================================================================================
2011/08/16 19:39:57.0835 5652	Scan finished
2011/08/16 19:39:57.0835 5652	================================================================================
2011/08/16 19:39:57.0849 5644	Detected object count: 0
2011/08/16 19:39:57.0849 5644	Actual detected object count: 0
         


Alt 17.08.2011, 10:43   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
--> Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?

Alt 17.08.2011, 19:10   #7
mattan75
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Erledigt:

Code:
ATTFilter
ComboFix 11-08-17.02 - ******* 17.08.2011  18:57:27.3.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3070.2049 [GMT 2:00]
ausgeführt von:: c:\users\*******\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\no
c:\windows\system32\no\Lagoon.resources.dll
c:\windows\system32\SV
c:\windows\system32\SV\Lagoon.resources.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-17 bis 2011-08-17  ))))))))))))))))))))))))))))))
.
.
2011-08-17 17:04 . 2011-08-17 17:04	--------	d-----w-	c:\users\*******\AppData\Local\temp
2011-08-17 17:04 . 2011-08-17 17:04	--------	d-----w-	c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2011-08-17 17:04 . 2011-08-17 17:04	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-08-17 17:04 . 2011-08-17 17:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-14 11:56 . 2011-08-14 11:56	--------	d-----w-	c:\program files\ESET
2011-08-11 19:03 . 2011-07-22 03:00	141104	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2011-07-27 16:26 . 2011-07-27 16:26	--------	d-----w-	c:\programdata\Yahoo! Companion
2011-07-25 19:33 . 2011-07-25 20:19	--------	d-----w-	c:\users\*******\AppData\Roaming\Apple Computer
2011-07-25 19:33 . 2011-07-25 19:33	--------	d-----w-	c:\users\*******\AppData\Local\Apple Computer
2011-07-25 19:32 . 2011-07-25 19:32	--------	d-----w-	c:\program files\Apple Software Update
2011-07-25 19:03 . 2011-07-25 19:33	--------	d-----w-	c:\program files\iPod
2011-07-25 19:03 . 2011-07-25 19:33	--------	d-----w-	c:\program files\iTunes
2011-07-25 18:05 . 2011-07-25 19:32	--------	d-----w-	c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 21:48 . 2011-05-17 17:02	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-17 10:51 . 2010-09-18 15:41	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-07-06 17:52 . 2011-04-10 10:48	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-04-10 10:48	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-05 16:37 . 2011-07-05 16:37	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-06-30 19:55 . 2011-04-21 18:28	101720	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-06-28 17:58 . 2010-03-29 17:18	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-28 17:58 . 2010-03-29 17:18	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-15 15:50 . 2010-03-29 23:46	237568	----a-w-	c:\windows\system32\rmc_rtspdl.dll
2011-06-15 15:50 . 2010-03-29 23:46	156672	----a-w-	c:\windows\system32\rmc_fixasf.exe
2011-06-11 02:29 . 2011-07-17 07:40	2334208	----a-w-	c:\windows\system32\win32k.sys
2011-06-09 20:45 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2011-05-24 10:44 . 2011-06-30 19:58	293376	----a-w-	c:\windows\system32\umpnpmgr.dll
2011-08-16 17:36 . 2011-03-22 19:23	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\*******\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\*******\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\*******\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\*******\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2011-07-25 2585408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-02 13838952]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-14 281768]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-04-28 220552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-29 8391200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
RemoteKeySrv.lnk - c:\program files\RemoteKeySrv\RemoteKeySrv.exe [2010-1-8 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-01 21:57	202256	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21	247728	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-05-26 191752]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-19 15232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-01-07 182304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-04 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-19 64512]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AirPrint;AirPrint;c:\program files\AirPrint\Airprint.exe [2011-02-06 234784]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-03-10 249648]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-09 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 RemoteKeySrv;RemoteKeySrv;c:\program files\RemoteKeySrv\RemoteKeySrv.exe [2010-01-08 303104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 genport;genport;c:\program files\RemoteKeySrv\GenPort.sys [2005-12-08 4096]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-10-29 10360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-10-13 67688]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2009-10-29 22392]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-12-22 1558368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-03-14 1115240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 15:21]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 15:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://webmail.havigs.com/
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\lmsewdbk.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE04.00.00.01MSWINDOWS"="0DCA2D38AAC82F9F01ADBA02A26CA80B243744DB67F39D5C2552B2957B163C93D291408F77FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794BA7FD869164D67944DC90C7E176435D7B5884736BF660771E6ECE2E676DBF6615D3516A2E81587361B530287B0EB3174CB9DB73ED93807A228050085B34FADDA386087557B1727F5E048C48C4A2AE8BEBB7DBCAA5C0CC63944E896A62765277959A4F545BBDB918A0513B00C7CF38165998BCBBF9E7F12F39E17CD6F8426752C8EB65F18DA74BD3462423ACF947E751A6DCFEB032B9188968BADE34731F97A681AEFD437BCD17239C889E85F95E51293B4763940BF271BE753732A5ACA2D6EA6B04FFE4E79CACDE3F9BFD78934A9788DDDCEE506508892363450841920F25DE37DF596D05E194080AEDF3561D9AE1F464ECC34A801E3884D5ED2EE3735DF27211EA9E9716BDB0DE01008C5BCA33ACF005B097D3FAE46EB05F6A974AD416D7EE124D45B2B5594CF5C3EFB61B46379A802D4BEADA3E7A70032972C37382FF86CAE1706E1B904AAF2C9CCA170A820791B16F74EC3F46C5EDA30CCD06C569EC34C95EFED86209568380AC085F4B990306D8BF93CD698B526E7E097365CCB6474CDA61DE16921597BB47B1754024F2474B7B5022E0DB2EC2165A66D1C66A2869275F57F5EBA4853F6D0863FE2BC12FB806969ACF2A3B1715366E8B668F926420C9A1D6E7EC1E13ED1489319A762F16E74C3038AF76A4255A4D114D0241DE58433E7B8348659FD84642E10FE3DC12083D2DCDF1F53C5D75E61E2960D7B6937733CDDE80DDAED73C7EE65ED3A623E1279841DE2E13A2D2A88BA27E5303F0CB1E5C15151AC8484D95B14A7A30B7A4F03C154C474BF8B2E358044027872E4453065BFE81C3834318F49D800A9A38B7E700272E3FC97C5E9362BF62AC98184EA5534192176CAB91FB4CC28527E2A416D9D9370DF6B3F8C91B09CAE2AD9FEDBE7034591480F718B0CAFD7D0D0A33B6ACD8E05C6F3B3FCA7EFEDA12CE12C7FCB37633ED4839C2EC34B290E05069D65F9688F96D0AD4C0E046176B69382498C586AE07C6E4AD5F69FC10E47D94DF72B8697ADBDCEECAE22B0549B8FEE943B212CA8AC0F50E8F8B6026A8F124CD6BE04CBC93CA46269595D614EEE13A7F093B012A8B93A507E464AEF53A22D392A055BA7044FA8932CD156EE67C7DA11C7E320FB39C174277E8185939F800D631DDE8F1D5C425B4F149A1C544CC1355D9BC5C500BBBFE8F132F3ACBA05A6DA705FE5F3547E340263D1422B33BC3C26A643D3F155A5F4F733336A7AD84ED573EC6FBACF17A88517826AD47ACC8CD96368E82E64587FE435CFF2B51C01D7936744A2FB5D53B0DDC5463AE4708A25"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-08-17  19:06:21
ComboFix-quarantined-files.txt  2011-08-17 17:06
ComboFix2.txt  2011-04-26 19:24
.
Vor Suchlauf: 11 Verzeichnis(se), 834.498.879.488 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 834.066.354.176 Bytes frei
.
- - End Of File - - BF26E21FE9073787FBB4C08F7CD3CA69
         

Alt 17.08.2011, 22:44   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.08.2011, 00:20   #9
mattan75
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



GMER:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-17 23:56:05
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0
Running: ef2222pj.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\fwldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                                     83242349 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                            8327BD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2064] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2064] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2064] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                   [73852437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                              [73835600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                             [738356BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                    [738524B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                          [73848514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                            [73844CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                           [7384506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                          [73845144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                 [73846671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                           [7384826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                      [738487BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                    [7384901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                          [7384E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                              [73844BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000090                                                                                                   bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\0000004b                                                                                                 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000092                                                                                                   bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6033cb2                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                               0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                               0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                            0xA2 0xC4 0x49 0xF4 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6033cb2 (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                   0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                   0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0xA2 0xC4 0x49 0xF4 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                             
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS                                             0DCA2D38AAC82F9F01ADBA02A26CA80B243744DB67F39D5C2552B2957B163C93D291408F77FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794BA7FD869164D67944DC90C7E176435D7B5884736BF660771E6ECE2E676DBF6615D3516A2E81587361B530287B0EB3174CB9DB73ED93807A228050085B34FADDA386087557B1727F5E048C48C4A2AE8BEBB7DBCAA5C0CC63944E896A62765277959A4F545BBDB918A0513B00C7CF38165998BCBBF9E7F12F39E17CD6F8426752C8EB65F18DA74BD3462423ACF947E751A6DCFEB032B9188968BADE34731F97A681AEFD437BCD17239C889E85F95E51293B4763940BF271BE753732A5ACA2D6EA6B04FFE4E79CACDE3F9BFD78934A9788DDDCEE506508892363450841920F25DE37DF596D05E194080AEDF3561D9AE1F464ECC34A801E3884D5ED2EE3735DF27211EA9E9716BDB0DE01008C5BCA33ACF005B097D3FAE46EB05F6A974AD416D7EE124D45B2B5594CF5C3EFB61B46379A802D4BEADA3E7A70032972C37382FF86CAE1706E1B904AAF2C9CCA170A820791B16F74EC3F46C5EDA30CCD06C569EC34C95EFED86209568380AC085F4B990306D8BF93CD698B526E7E097365CCB6474CDA61DE16921597BB47B1754024F2474B7B5022E0

---- EOF - GMER 1.0.15 ----
         

OSAM:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:03:59 on 18.08.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 6.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"vp6dec_settings.cpl" - ? - C:\Windows\system32\vp6dec_settings.cpl  (File found, but it contains no detailed information)
"vp7dec_settings.cpl" - ? - C:\Windows\system32\vp7dec_settings.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Bluetooth-Audiogerät" (btwaudio) - "Broadcom Corporation." - C:\Windows\System32\drivers\btwaudio.sys
"catchme" (catchme) - ? - C:\Users\*******\AppData\Local\Temp\catchme.sys  (File not found)
"genport" (genport) - "Wistron" - C:\Program Files\RemoteKeySrv\GenPort.sys
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Splitcam, WDM Camera Stream Splitter" (SPLITCAM) - "LoteSoft Co." - C:\Windows\System32\DRIVERS\splitcam.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? -   (File not found | COM-object registry key not found)
{6230EF55-8E71-4F40-861A-DBA282584FF5} "AVSVideoConverter Object" - "Online Media Technologies Ltd." - C:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "ContextMenuHandler Class" - "Brice Lambson" - C:\Program Files\Image Resizer\ImageResizer.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\NAMEEXT.DLL
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\Nv3DAppShExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7} "SafeEraseObj Class" - "O&O Software GmbH" - C:\Program Files\OO Software\SafeErase\oosesh.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
<binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
{FCBCCB87-9224-4B8D-B117-F56D924BEB18} "SMTTB2009 Class" - ? - C:\Program Files\SplitCam Toolbar\tbcore3.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"RemoteKeySrv.lnk" - "Wistron Corporation" - C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ccleaner" - "Piriform Ltd" - "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
"TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonSolutionMenuEx" - "CANON INC." - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AirPrint" (AirPrint) - "Apple Inc." - C:\Program Files\AirPrint\Airprint.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"RemoteKeySrv" (RemoteKeySrv) - "Wistron Corporation" - C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

aswMBR:

Code:
ATTFilter
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-18 00:07:37
-----------------------------
00:07:37.774    OS Version: Windows 6.1.7601 Service Pack 1
00:07:37.774    Number of processors: 2 586 0x170A
00:07:37.774    ComputerName: DESKTOP  UserName: 
00:07:53.327    Initialize success
00:09:29.328    AVAST engine defs: 11081701
00:10:01.059    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:10:01.075    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
00:10:01.090    Disk 0 MBR read successfully
00:10:01.090    Disk 0 MBR scan
00:10:01.106    Disk 0 unknown MBR code
00:10:01.106    Disk 0 scanning sectors +1953523120
00:10:01.184    Disk 0 scanning C:\Windows\system32\drivers
00:10:07.721    Service scanning
00:10:09.483    Modules scanning
00:10:13.087    Disk 0 trace - called modules:
00:10:13.118    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
00:10:13.118    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88191030]
00:10:13.118    3 CLASSPNP.SYS[8bdb459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85937028]
00:10:16.893    AVAST engine scan C:\Windows
00:10:20.653    AVAST engine scan C:\Windows\system32
00:11:49.791    AVAST engine scan C:\Windows\system32\drivers
00:11:58.808    AVAST engine scan C:\Users\*******
00:17:10.535    AVAST engine scan C:\ProgramData
00:18:12.221    Scan finished successfully
00:18:23.377    Disk 0 MBR has been saved successfully to "C:\Users\*******\Desktop\MBR.dat"
00:18:23.393    The log file has been saved successfully to "C:\Users\*******\Desktop\aswMBR.txt"
         

Alt 18.08.2011, 00:37   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Zitat:
00:10:01.106 Disk 0 unknown MBR code
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.
Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.08.2011, 18:12   #11
mattan75
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



MBR wie angewiesen gefixt, hat problemlos geklappt. Habe danach nochmals ein Log erstellt, siehe unten.

Code:
ATTFilter
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-18 18:01:33
-----------------------------
18:01:33.201    OS Version: Windows 6.1.7601 Service Pack 1
18:01:33.201    Number of processors: 2 586 0x170A
18:01:33.201    ComputerName: DESKTOP  UserName: 
18:01:35.807    Initialize success
18:01:41.204    AVAST engine defs: 11081701
18:01:46.212    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:01:46.228    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
18:01:46.243    Disk 0 MBR read successfully
18:01:46.243    Disk 0 MBR scan
18:01:46.243    Disk 0 Windows 7 default MBR code
18:01:46.259    Disk 0 scanning sectors +1953523120
18:01:46.337    Disk 0 scanning C:\Windows\system32\drivers
18:01:53.294    Service scanning
18:01:55.962    Modules scanning
18:02:04.885    Disk 0 trace - called modules:
18:02:04.916    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
18:02:04.932    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88191030]
18:02:04.932    3 CLASSPNP.SYS[8bda059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85937028]
18:02:07.537    AVAST engine scan C:\Windows
18:02:15.353    AVAST engine scan C:\Windows\system32
18:04:09.031    AVAST engine scan C:\Windows\system32\drivers
18:04:20.107    AVAST engine scan C:\Users\*******
18:09:43.403    AVAST engine scan C:\ProgramData
18:11:02.066    Scan finished successfully
18:11:30.287    Disk 0 MBR has been saved successfully to "C:\Users\*******\Desktop\MBR.dat"
18:11:30.303    The log file has been saved successfully to "C:\Users\*******\Desktop\aswMBR.txt"
         

Alt 19.08.2011, 15:46   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.08.2011, 15:47   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.08.2011, 22:48   #14
mattan75
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Malwarebytes und SUPERAntiSpyware erscheinen mir sauber, aber ESET hat noch was gefunden...

ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e6ce57954b9ace438df795995c2c5a66
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-14 01:41:55
# local_time=2011-08-14 03:41:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 237851 49863700 64795 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 2485135 64954435 0 0
# compatibility_mode=8192 67108863 100 0 261 261 0 0
# scanned=161210
# found=1
# cleaned=0
# scan_time=6071
C:\Users\*******\Downloads\cole2k.media.-.codec.pack.v7.9.1.-advanced-.setup.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e6ce57954b9ace438df795995c2c5a66
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-19 08:05:18
# local_time=2011-08-19 10:05:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 175723 50319017 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 2940452 65409752 0 0
# compatibility_mode=8192 67108863 100 0 455578 455578 0 0
# scanned=161338
# found=2
# cleaned=0
# scan_time=5798
C:\Users\*******\AppData\Roaming\Mibe\avneu.exe	a variant of Win32/Kryptik.RWC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\*******\Downloads\cole2k.media.-.codec.pack.v7.9.1.-advanced-.setup.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
         
Malwarebytes:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7500

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

18.08.2011 19:03:33
mbam-log-2011-08-18 (19-03-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 327789
Laufzeit: 43 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
SuperAntiSpyware:
Code:
ATTFilter
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 08/19/2011 bei 08:12 PM

Version der Applikation : 5.0.1118

Version der Kern-Datenbank : 7579
Version der Spur-Datenbank : 5391

Scan Art       : kompletter Scann
Totale Scann-Zeit : 01:02:54

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Gescannte Speicherelemente  : 802
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 39978
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 158142
Erfasste Datei-Elemente   : 0
         

Alt 20.08.2011, 09:27   #15
mattan75
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?



Muss mir sowas hier sorgen machen? Heute beim Hochfahren erschien die angehängte Meldung...
Angehängte Grafiken
Dateityp: jpg Bild1.jpg (98,5 KB, 385x aufgerufen)

Antwort

Themen zu Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?
ad-aware, antivir, avira, bingbar, bonjour, c:\windows\system32\rundll32.exe, defender, error, explorer, firefox, format, hilfe!!, home, index, locker, logfile, mahmud.exe, mbamservice.exe, mozilla, nodrives, nvlddmkm.sys, realtek, registry, rundll, scan, software, sptd.sys, start menu, system, taskmanager, trojaner, windows



Ähnliche Themen: Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?


  1. Bikiniland Trojaner erfolgreich entfernt?
    Log-Analyse und Auswertung - 12.02.2015 (9)
  2. Windows 7 & BKA Trojaner 1.18 -> Nur teilweise erfolgreich entfernt
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (5)
  3. BKA Trojaner erfolgreich entfernt ! Langsames Hochfahren und Spiel nicht mehr Spielbar!
    Plagegeister aller Art und deren Bekämpfung - 01.12.2012 (0)
  4. GVU erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (5)
  5. Bundespolizei-Trojaner erfolgreich(?) entfernt mit MalwareB. l Echtzeitschutz nicht mehr aktivierbar
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (31)
  6. GVU Trojaner erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (9)
  7. GVU-Trojaner erfolgreich entfernt?! Und jetzt?!
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (2)
  8. Windows Update Trojaner erfolgreich entfernt, viele Dateien sind gesperrt, was nun ?
    Log-Analyse und Auswertung - 16.06.2012 (3)
  9. Habe den Virus mit der Bundespolizei erfolgreich entfernt..... Aber bin ich sicher?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  10. Bundespolizei-Virus erfolgreich entfernt
    Plagegeister aller Art und deren Bekämpfung - 07.08.2011 (2)
  11. AntiVir meldete verschiedene Trojaner - habe ich sie erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 13.12.2010 (19)
  12. trojaner, erfolgreich entfernt?
    Log-Analyse und Auswertung - 10.01.2010 (7)
  13. Trojaner erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 18.11.2009 (8)
  14. Keylogger erfolgreich entfernt??
    Log-Analyse und Auswertung - 14.10.2009 (4)
  15. Trojaner und Rootkit erfolgreich entfernt???
    Log-Analyse und Auswertung - 24.03.2009 (0)
  16. Trojaner erfolgreich entfernt (wenn auch sehr mühsam)
    Log-Analyse und Auswertung - 23.01.2006 (2)
  17. Trojaner drop.agent erfolgreich entfernt? Hijack Logfile
    Log-Analyse und Auswertung - 08.05.2005 (7)

Zum Thema Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Hallo zusammen, auch bei mir hat der Bundespolizei Trojaner zugeschlagen. Konnte mit Taskmanager einen Win7 Neustart im abgesicherten Modus erzwingen und mit Malwarebytes entfernen. Logs im Anhang. OTL und GMER - Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?...
Archiv
Du betrachtest: Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.