| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Nach vermutlichem Virus Befall Daten weg !Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.09.2011, 14:57
| #1 |
 |  Nach vermutlichem Virus Befall Daten weg ! Hallo zusammen , ich habe schon wieder ein problem, und zwar hatte oder habe ich schon wieder einen virus auf meinem pc , und von jetz auf gleich waren so zeimlich alle daten weg , also fotos,videos,musik, games einfach alles. Mein desktop ist auch komplett leer , firefox ist noch da , antivir istauch noch da , und zwei games aber sonst fast nichts ..  Ich hoffe ihr könnt mir helfen  Gruss Nico |
|
11.09.2011, 15:26
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Nach vermutlichem Virus Befall Daten weg ! Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
11.09.2011, 16:09
| #3 |
| | Nach vermutlichem Virus Befall Daten weg ! So hier OTL
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.09.2011 16:55:53 - Run 1 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Nico Fuhrmann\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,98% Memory free 6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 456,93 Gb Total Space | 264,86 Gb Free Space | 57,96% Space Free | Partition Type: NTFS Drive D: | 458,58 Gb Total Space | 458,22 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive E: | 6,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive J: | 998,10 Mb Total Space | 911,46 Mb Free Space | 91,32% Space Free | Partition Type: FAT32 Computer Name: NICOFUHRMANN-PC | User Name: Nico Fuhrmann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.11 16:54:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Nico Fuhrmann\Downloads\OTL.exe PRC - [2011.06.28 17:16:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.22 14:10:38 | 000,438,399 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe PRC - [2008.08.06 17:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0415Mon.exe PRC - [2008.03.26 13:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe PRC - [2008.01.29 12:24:46 | 000,163,840 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2011.09.07 17:59:41 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.06.28 17:16:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.01.29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2008.01.29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.06.28 17:16:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 17:16:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.28 10:49:40 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.05.25 09:25:04 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.05.25 09:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2008.08.14 03:00:00 | 000,282,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0415Vid.sys -- (V0415Vid) DRV - [2008.08.12 15:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2008.01.29 13:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.10.12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.01.15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2828561 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Uptodown EN Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2828561&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 13:28:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.28 10:35:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nico Fuhrmann\AppData\Roaming\mozilla\Extensions [2011.09.02 23:16:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nico Fuhrmann\AppData\Roaming\mozilla\Firefox\Profiles\m01tzwhl.default\extensions [2011.08.19 15:21:16 | 000,000,000 | -H-D | M] (Uptodown EN Community Toolbar) -- C:\Users\Nico Fuhrmann\AppData\Roaming\mozilla\Firefox\Profiles\m01tzwhl.default\extensions\{40f5f417-32bb-4296-9446-c1e0094e7d82} [2011.08.14 14:54:56 | 000,000,925 | -H-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Mozilla\Firefox\Profiles\m01tzwhl.default\searchplugins\conduit.xml [2011.08.12 14:13:02 | 000,010,525 | -H-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Mozilla\Firefox\Profiles\m01tzwhl.default\searchplugins\gmx-suche.xml [2011.06.03 15:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.06.03 15:48:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.05.30 01:30:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} () (No name found) -- C:\USERS\NICO FUHRMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M01TZWHL.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2011.05.30 14:34:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.09.07 13:28:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.06.25 23:20:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.25 23:20:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.06.25 23:20:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.25 23:20:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.25 23:20:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.25 23:20:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Uptodown EN Toolbar) - {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Uptodown EN Toolbar) - {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Live! Central] C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [V0415Mon.exe] C:\Windows\V0415Mon.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [otpi.exe] File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D766E25-2E55-4E02-8688-54242078D464}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\Shell - "" = AutoRun O33 - MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\Shell\AutoRun\command - "" = I:\Installer.EXE O33 - MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\Shell - "" = AutoRun O33 - MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\Shell\AutoRun\command - "" = 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Nico Fuhrmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) MsConfig - StartUpReg: V0415Mon.exe - hkey= - key= - C:\Windows\V0415Mon.exe (Creative Technology Ltd.) MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.11 16:34:12 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Malwarebytes [2011.09.11 16:33:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.09.11 16:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.11 16:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.11 16:33:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.09.11 16:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.09.09 21:07:46 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\Documents\4A Games [2011.09.09 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\4A Games [2011.09.09 21:05:00 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\NVIDIA [2011.09.09 15:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011.09.08 20:04:07 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Recovery [2011.09.08 19:03:30 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\Application Data [2011.09.07 13:28:28 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{49C823BE-FD81-4253-AA77-AC22347DA7E0} [2011.09.07 13:28:23 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{CB30E6B2-77F2-4A83-BBBB-3032E929B083} [2011.09.02 14:17:25 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{0CC73F31-3918-4E0C-8731-15F6033BCA50} [2011.09.02 14:17:14 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{E68623EB-F4FB-4077-AC12-B74F49A131CC} [2011.08.31 16:35:10 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\dvdcss [2011.08.31 15:31:37 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{69F8C1CF-7BE3-4E67-82AA-C08BC3C2C200} [2011.08.31 15:31:15 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{A84E3DF6-2373-4867-85C9-B1E8A97B5445} [2011.08.28 19:45:16 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D93E8B31-CC97-4704-A52E-963426C0A598} [2011.08.28 19:45:09 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{E845B27F-657A-4E64-88CA-09AC1BA9431E} [2011.08.22 14:34:30 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D0FBA9A0-860A-457A-AC2A-2CBBA542B70B} [2011.08.22 14:34:13 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{01BD0AB0-6368-4515-ABC5-68E4F1BFB04E} [2011.08.21 02:06:16 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{785A7B8C-F156-48A2-91FB-FDC75C96F1AC} [2011.08.21 02:06:12 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{58E8EB75-7992-4A92-BD4F-429FAFAC7899} [2011.08.20 17:13:48 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\Documents\Sniper - Ghost Warrior [2011.08.20 09:25:08 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{4E226090-A018-4874-9B53-F24BA9E2E62C} [2011.08.20 09:25:03 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{CE10E8F8-22FF-4433-97B6-1CC8465C14EF} [2011.08.19 15:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2011.08.19 15:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine [2011.08.19 15:21:04 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\Conduit [2011.08.19 15:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Uptodown_EN [2011.08.19 14:34:13 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{14D9D4A1-FD2D-424A-BE7D-E8AB87A3D50A} [2011.08.19 14:34:04 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D58EB78D-4832-40B3-8A19-6DFB0E688652} [2011.08.18 15:53:05 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{3C261A65-4E33-446E-8AFD-DFDB35755740} [2011.08.18 15:53:01 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{FF9F340E-0404-4C42-82D9-5A914D1D4666} [2011.08.17 13:30:47 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D713ABFA-D5D2-4FE2-990C-194EC56B5A7B} [2011.08.17 13:30:42 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{19ACA745-D3F5-4733-A7EA-2DA7ABF32116} [2011.08.16 13:03:02 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{5B4563CF-0CCD-4391-A017-B179650CFD86} [2011.08.16 13:02:58 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{ED005C13-F2F6-48BC-86F7-2AC298E9D68A} [2011.08.15 22:10:09 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\Desktop\Neuer Ordner (5) [2011.08.15 15:54:26 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{FDF1D66A-BC20-4A68-AD45-579B72A81041} [2011.08.15 15:54:18 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{07F9B0C9-6CA6-4E78-AF24-E3ADEE8C5662} [2011.08.14 10:10:32 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{E81E21ED-8F2B-4282-8984-701FA747219B} [2011.08.14 10:10:28 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{4D7BED63-5F77-407F-B40F-018B80F230D8} [2011.08.13 20:49:20 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D1F7F5E1-BEF4-4A84-AA05-00B1F4CD0940} [2011.08.13 20:49:15 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{A05AE64E-2B5A-4B34-84DB-4F7813A71A49} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.11 16:50:12 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.11 16:50:02 | 000,004,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.11 16:50:02 | 000,004,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.11 16:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.11 16:49:57 | 3219,615,744 | -HS- | M] () -- C:\hiberfil.sys [2011.09.11 16:34:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.11 16:30:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.11 12:06:18 | 000,065,198 | ---- | M] () -- C:\Users\Nico Fuhrmann\Desktop\t150.jpg [2011.09.11 12:05:53 | 000,036,879 | ---- | M] () -- C:\Users\Nico Fuhrmann\Desktop\m146.jpg [2011.09.08 20:04:07 | 000,000,611 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\System Recovery.lnk [2011.09.08 20:04:07 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz [2011.09.08 20:04:07 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr [2011.09.08 20:04:05 | 000,000,344 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz [2011.09.05 19:43:08 | 000,006,467 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\309538_254104091290415_100000724780132_841568_585936_s.jpg [2011.09.04 22:17:05 | 000,160,501 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\mona-lisa.jpg [2011.09.04 09:46:29 | 000,034,129 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Winterjam.jpg [2011.09.03 11:20:39 | 007,605,760 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Türke türke.mp3 [2011.09.03 10:32:04 | 000,132,916 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02092011609.JPG [2011.09.02 17:35:20 | 001,773,639 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02092011608.JPG [2011.09.02 17:34:32 | 001,824,895 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02092011607.JPG [2011.09.02 14:23:28 | 000,039,401 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\275105_100001592077413_7899947_n.jpg [2011.09.01 09:11:30 | 002,024,495 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\01092011008.JPG [2011.09.01 09:11:06 | 002,118,059 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\01092011007.JPG [2011.08.31 18:54:28 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.31 18:54:28 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.31 18:54:28 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.31 18:54:28 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.31 15:38:30 | 000,231,848 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Stammkurs, frau otto.JPG [2011.08.31 08:03:30 | 002,693,628 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\31082011599.JPG [2011.08.30 21:21:43 | 000,210,106 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\BaugnezCrossroads1.JPG [2011.08.27 18:27:54 | 000,018,944 | -H-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.24 18:52:09 | 000,260,747 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\fisher_f75_pic.jpg [2011.08.20 16:26:54 | 000,000,215 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Sniper Ghost Warrior.url [2011.08.18 19:36:38 | 000,664,847 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Documents\Foto0418.jpg [2011.08.18 19:09:54 | 000,233,489 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\9_c___Herr_Meier.JPG [2011.08.16 18:50:49 | 000,654,342 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Documents\DSC03494-.jpg [2011.08.15 22:21:58 | 000,081,136 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02082011509.JPG [2011.08.15 22:02:40 | 000,076,930 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\band_of_brothers_wallpaper_1280x1024_6.jpg [2011.08.13 23:15:26 | 000,055,716 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\13082011547.JPG [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.11 16:34:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.10 18:09:08 | 000,036,879 | ---- | C] () -- C:\Users\Nico Fuhrmann\Desktop\m146.jpg [2011.09.10 18:06:24 | 000,065,198 | ---- | C] () -- C:\Users\Nico Fuhrmann\Desktop\t150.jpg [2011.09.08 20:04:07 | 000,000,611 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\System Recovery.lnk [2011.09.08 20:04:07 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz [2011.09.08 20:04:07 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr [2011.09.08 20:04:05 | 000,000,344 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz [2011.09.05 19:43:07 | 000,006,467 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\309538_254104091290415_100000724780132_841568_585936_s.jpg [2011.09.04 22:17:04 | 000,160,501 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\mona-lisa.jpg [2011.09.04 09:44:23 | 000,034,129 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Winterjam.jpg [2011.09.03 11:20:28 | 007,605,760 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Türke türke.mp3 [2011.09.03 10:09:34 | 001,824,895 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\02092011607.JPG [2011.09.03 10:09:34 | 001,773,639 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\02092011608.JPG [2011.09.03 10:09:34 | 000,132,916 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\02092011609.JPG [2011.09.02 14:20:15 | 000,039,401 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\275105_100001592077413_7899947_n.jpg [2011.09.01 19:12:34 | 002,118,059 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\01092011007.JPG [2011.09.01 19:12:31 | 002,024,495 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\01092011008.JPG [2011.08.31 15:33:08 | 000,231,848 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Stammkurs, frau otto.JPG [2011.08.31 15:33:01 | 002,693,628 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\31082011599.JPG [2011.08.24 18:52:07 | 000,260,747 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\fisher_f75_pic.jpg [2011.08.20 16:26:54 | 000,000,215 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Sniper Ghost Warrior.url [2011.08.18 19:36:27 | 000,664,847 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Documents\Foto0418.jpg [2011.08.18 19:09:52 | 000,233,489 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\9_c___Herr_Meier.JPG [2011.08.16 18:50:37 | 000,654,342 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Documents\DSC03494-.jpg [2011.08.15 22:02:26 | 000,076,930 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\band_of_brothers_wallpaper_1280x1024_6.jpg [2011.08.13 23:13:52 | 000,055,716 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\13082011547.JPG [2011.07.08 15:45:55 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2011.06.25 15:20:43 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys [2011.06.22 14:57:52 | 000,139,224 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.06.22 14:57:52 | 000,022,328 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\PnkBstrK.sys [2011.06.22 14:57:37 | 000,183,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.06.22 14:57:33 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2011.06.22 14:57:33 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.06.11 03:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.06.10 18:17:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.06.10 18:17:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.06.03 15:49:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.05.28 12:57:04 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI [2011.05.28 12:57:04 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.05.28 10:48:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.28 10:18:59 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2011.05.28 10:18:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.05.28 10:18:59 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011.05.28 09:57:54 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011.05.27 21:10:51 | 000,018,944 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.27 20:44:18 | 000,000,680 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Local\d3d9caps.dat [2011.05.24 13:03:24 | 000,276,232 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Local\ConduitInstaller.exe [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,276,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.07.13 13:38:17 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\BOM [2011.05.28 10:51:53 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\DAEMON Tools Lite [2011.09.04 03:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\ICQ [2011.07.08 17:03:13 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Igdoap [2011.05.28 17:12:48 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\IrfanView [2011.07.28 08:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Irub [2011.07.12 09:00:35 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Koagky [2011.07.28 22:30:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Niopx [2011.05.30 01:36:44 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\OpenOffice.org [2011.06.04 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\TubeBox [2011.09.11 16:46:25 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.06.03 13:07:58 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Adobe [2011.05.28 12:53:33 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Avira [2011.07.13 13:38:17 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\BOM [2011.07.27 13:10:39 | 000,000,000 | RH-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Brother [2011.06.25 15:46:59 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Creative [2011.05.28 10:51:53 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\DAEMON Tools Lite [2011.08.31 16:35:10 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\dvdcss [2011.09.04 03:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\ICQ [2011.05.27 20:44:22 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Identities [2011.07.08 17:03:13 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Igdoap [2011.06.25 15:20:04 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\InstallShield [2011.05.28 17:12:48 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\IrfanView [2011.07.28 08:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Irub [2011.07.12 09:00:35 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Koagky [2011.05.28 14:11:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Macromedia [2011.09.11 16:34:12 | 000,000,000 | ---D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Media Center Programs [2011.09.08 19:03:31 | 000,000,000 | --SD | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft [2011.05.28 10:35:46 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Mozilla [2011.07.28 22:30:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Niopx [2011.09.09 21:05:00 | 000,000,000 | ---D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\NVIDIA [2011.05.30 01:36:44 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\OpenOffice.org [2011.09.11 16:53:08 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Skype [2011.07.03 11:06:03 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\skypePM [2011.05.28 17:09:10 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\SUPERAntiSpyware.com [2011.06.04 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\TubeBox [2011.06.18 14:33:56 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\vlc [2011.07.08 01:25:16 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.06.04 22:16:05 | 000,010,134 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6514C169A30B32C1D9071C.exe [2011.06.04 22:16:05 | 000,034,494 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe [2011.06.04 22:16:05 | 000,355,574 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_A284EAE41E055547217DE7.exe [2011.06.04 22:16:05 | 000,080,992 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_BEA59818F40318269C802B.exe [2011.06.04 22:16:05 | 000,355,574 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_E3DBAAA0CAF950FA4295EE.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2011.05.28 14:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2011.05.28 14:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2011.05.28 14:25:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2008.01.25 20:02:04 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\Windows\Temp\chipset_x86\IDE\WinVista\sataraid\nvstor32.sys [2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\Temp\chipset_x86\IDE\WinVista\sata_ide\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2011.05.28 12:56:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2011.05.28 12:56:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.19 09:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2008.01.19 09:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < > < End of report > Und Malwarebytes: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7695 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 11.09.2011 16:45:39 mbam-log-2011-09-11 (16-45-39).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 185214 Laufzeit: 5 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 9 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2F7ZUJ7G4IWWUF6VXQBJIKHST (Trojan.Agent) -> Value: 2F7ZUJ7G4IWWUF6VXQBJIKHST -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xINAfOOBcRr (Trojan.FakeAlert) -> Value: xINAfOOBcRr -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Infizierte Dateien: c:\systemdata\217fa966b37.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\programdata\xinafoobcrr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\programdata\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. c:\Users\nico fuhrmann\AppData\Local\Temp\2B2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\nico fuhrmann\AppData\Local\Temp\audio_drivers_update_utility.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\nico fuhrmann\AppData\Local\Temp\tmpEDFA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\nico fuhrmann\AppData\Local\Temp\0.0953075560232346.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Recycle.Bin\48d2f5e4efb28b3 (Trojan.Spyeyes) -> Quarantined and deleted successfully. c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. |
|
11.09.2011, 17:27
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach vermutlichem Virus Befall Daten weg ! 1.) Wollte ich einen Vollscan sehen! 2.) Machst du Onlinebanking oder ähnlich kritische Dinge an diesem verseuchten Rechner?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.09.2011, 17:31
| #5 |
| | Nach vermutlichem Virus Befall Daten weg ! Oh sorry werde einen Vollscan durchführen .. Nein wahrscheinlich zum Glück nicht  Gruss Nico |
|
11.09.2011, 18:20
| #6 |
| | Nach vermutlichem Virus Befall Daten weg ! hier das ergebnis des vollscans Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7695 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 11.09.2011 19:19:19 mbam-log-2011-09-11 (19-19-19).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 301646 Laufzeit: 46 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
11.09.2011, 18:58
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach vermutlichem Virus Befall Daten weg ! Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.09.2011, 21:10
| #8 |
| | Nach vermutlichem Virus Befall Daten weg ! So endlich fertig ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=3ed24f021d67e340b8b22ff377f425ef # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-11 08:06:33 # local_time=2011-09-11 10:06:33 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 39128 52301633 88633 0 # compatibility_mode=5892 16776573 100 100 5656855 153297540 0 0 # compatibility_mode=8192 67108863 100 0 420 420 0 0 # scanned=143236 # found=2 # cleaned=0 # scan_time=6780 C:\Users\Nico Fuhrmann\AppData\Local\Temp\jar_cache209286109459687106.tmp Variante von Win32/Kryptik.SKG Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I C:\Users\Nico Fuhrmann\AppData\Local\Temp\jar_cache5849829848438039450.tmp Win32/Spy.Zbot.YW Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I |
|
12.09.2011, 09:25
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach vermutlichem Virus Befall Daten weg ! Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Uptodown EN Toolbar) - {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Uptodown EN Toolbar) - {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
O4 - HKCU..\Run: [otpi.exe] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\Shell\AutoRun\command - "" = I:\Installer.EXE
O33 - MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\Shell - "" = AutoRun
O33 - MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\Shell\AutoRun\command - "" = 1
[2011.09.08 20:04:07 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Recovery
[2011.08.19 15:21:04 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\Conduit
[2011.08.19 15:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Uptodown_EN
[2011.09.08 20:04:07 | 000,000,611 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\System Recovery.lnk
[2011.09.08 20:04:07 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.09.08 20:04:07 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.09.08 20:04:05 | 000,000,344 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.07.08 17:03:13 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Igdoap
[2011.07.28 08:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Irub
[2011.07.12 09:00:35 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Koagky
[2011.07.28 22:30:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Niopx
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2011, 14:09
| #10 |
| | Nach vermutlichem Virus Befall Daten weg ! So nach neustart bin ich wieder da All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40f5f417-32bb-4296-9446-c1e0094e7d82}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40f5f417-32bb-4296-9446-c1e0094e7d82}\ deleted successfully. C:\Programme\Uptodown_EN\prxtbUpto.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Programme\ConduitEngine\prxConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40f5f417-32bb-4296-9446-c1e0094e7d82} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40f5f417-32bb-4296-9446-c1e0094e7d82}\ not found. File C:\Programme\Uptodown_EN\prxtbUpto.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\otpi.exe deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ea31e79-8901-11e0-92d1-001d72b07da0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ea31e79-8901-11e0-92d1-001d72b07da0}\ not found. File I:\Installer.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e17d0521-8931-11e0-a301-001d72b07da0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e17d0521-8931-11e0-a301-001d72b07da0}\ not found. File 1 not found. C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Recovery folder moved successfully. C:\Users\Nico Fuhrmann\AppData\Local\Conduit\CT2828561 folder moved successfully. C:\Users\Nico Fuhrmann\AppData\Local\Conduit folder moved successfully. C:\Program Files\Uptodown_EN folder moved successfully. C:\Users\Nico Fuhrmann\Desktop\System Recovery.lnk moved successfully. C:\ProgramData\~P1kAlMiG2Kb7Fz moved successfully. C:\ProgramData\~P1kAlMiG2Kb7Fzr moved successfully. C:\ProgramData\P1kAlMiG2Kb7Fz moved successfully. C:\Users\Nico Fuhrmann\AppData\Roaming\Igdoap folder moved successfully. C:\Users\Nico Fuhrmann\AppData\Roaming\Irub folder moved successfully. C:\Users\Nico Fuhrmann\AppData\Roaming\Koagky folder moved successfully. C:\Users\Nico Fuhrmann\AppData\Roaming\Niopx folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Nico Fuhrmann ->Temp folder emptied: 1133782905 bytes ->Temporary Internet Files folder emptied: 66009054 bytes ->Java cache emptied: 1957430 bytes ->FireFox cache emptied: 325718738 bytes ->Flash cache emptied: 34220 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 155648 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 289291028 bytes RecycleBin emptied: 8020383074 bytes Total Files Cleaned = 9.382,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.27.0 log created on 09122011_140401 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
12.09.2011, 14:24
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach vermutlichem Virus Befall Daten weg ! Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2011, 14:27
| #12 |
| | Nach vermutlichem Virus Befall Daten weg ! 2011/09/12 15:25:53.0098 5344 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05 2011/09/12 15:25:53.0215 5344 ================================================================================ 2011/09/12 15:25:53.0215 5344 SystemInfo: 2011/09/12 15:25:53.0215 5344 2011/09/12 15:25:53.0215 5344 OS Version: 6.0.6002 ServicePack: 2.0 2011/09/12 15:25:53.0215 5344 Product type: Workstation 2011/09/12 15:25:53.0216 5344 ComputerName: NICOFUHRMANN-PC 2011/09/12 15:25:53.0216 5344 UserName: Nico Fuhrmann 2011/09/12 15:25:53.0216 5344 Windows directory: C:\Windows 2011/09/12 15:25:53.0216 5344 System windows directory: C:\Windows 2011/09/12 15:25:53.0216 5344 Processor architecture: Intel x86 2011/09/12 15:25:53.0216 5344 Number of processors: 4 2011/09/12 15:25:53.0216 5344 Page size: 0x1000 2011/09/12 15:25:53.0216 5344 Boot type: Normal boot 2011/09/12 15:25:53.0216 5344 ================================================================================ 2011/09/12 15:26:12.0652 5344 Initialize success 2011/09/12 15:26:28.0909 5508 ================================================================================ 2011/09/12 15:26:28.0909 5508 Scan started 2011/09/12 15:26:28.0909 5508 Mode: Manual; 2011/09/12 15:26:28.0909 5508 ================================================================================ 2011/09/12 15:26:29.0549 5508 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/09/12 15:26:29.0658 5508 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/09/12 15:26:29.0705 5508 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/09/12 15:26:29.0721 5508 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/09/12 15:26:29.0767 5508 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/09/12 15:26:29.0845 5508 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/09/12 15:26:29.0908 5508 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/09/12 15:26:29.0955 5508 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/09/12 15:26:29.0986 5508 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/09/12 15:26:30.0001 5508 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/09/12 15:26:30.0017 5508 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/09/12 15:26:30.0048 5508 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/09/12 15:26:30.0064 5508 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/09/12 15:26:30.0126 5508 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/09/12 15:26:30.0157 5508 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/09/12 15:26:30.0220 5508 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/09/12 15:26:30.0267 5508 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/09/12 15:26:30.0313 5508 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/09/12 15:26:30.0345 5508 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 2011/09/12 15:26:30.0391 5508 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/09/12 15:26:30.0501 5508 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/09/12 15:26:30.0547 5508 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/09/12 15:26:30.0563 5508 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/09/12 15:26:30.0594 5508 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/09/12 15:26:30.0610 5508 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/09/12 15:26:30.0641 5508 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/09/12 15:26:30.0672 5508 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/09/12 15:26:30.0766 5508 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/09/12 15:26:30.0813 5508 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/09/12 15:26:30.0875 5508 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/09/12 15:26:30.0922 5508 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/09/12 15:26:31.0047 5508 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/09/12 15:26:31.0156 5508 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/09/12 15:26:31.0187 5508 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 2011/09/12 15:26:31.0327 5508 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/09/12 15:26:31.0405 5508 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/09/12 15:26:31.0530 5508 CtClsFlt (a029cde0a50aee7eeffd70dd3821953d) C:\Windows\system32\DRIVERS\CtClsFlt.sys 2011/09/12 15:26:31.0702 5508 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/09/12 15:26:31.0811 5508 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/09/12 15:26:31.0920 5508 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/09/12 15:26:31.0983 5508 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 2011/09/12 15:26:32.0061 5508 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/09/12 15:26:32.0107 5508 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/09/12 15:26:32.0185 5508 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/09/12 15:26:32.0232 5508 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/09/12 15:26:32.0326 5508 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/09/12 15:26:32.0373 5508 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/09/12 15:26:32.0419 5508 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/09/12 15:26:32.0466 5508 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/09/12 15:26:32.0497 5508 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/09/12 15:26:32.0529 5508 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/09/12 15:26:32.0591 5508 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/09/12 15:26:32.0669 5508 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/09/12 15:26:32.0700 5508 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/09/12 15:26:32.0763 5508 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/09/12 15:26:32.0872 5508 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/09/12 15:26:33.0043 5508 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/09/12 15:26:33.0153 5508 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/09/12 15:26:33.0231 5508 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/09/12 15:26:33.0262 5508 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/09/12 15:26:33.0309 5508 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/09/12 15:26:33.0324 5508 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/09/12 15:26:33.0387 5508 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/09/12 15:26:33.0480 5508 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/09/12 15:26:33.0605 5508 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/09/12 15:26:33.0714 5508 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys 2011/09/12 15:26:33.0901 5508 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 2011/09/12 15:26:33.0995 5508 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 2011/09/12 15:26:34.0057 5508 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/09/12 15:26:34.0120 5508 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/09/12 15:26:34.0167 5508 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/09/12 15:26:34.0213 5508 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/09/12 15:26:34.0260 5508 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/09/12 15:26:34.0401 5508 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/09/12 15:26:34.0525 5508 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/09/12 15:26:34.0635 5508 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/09/12 15:26:34.0697 5508 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/09/12 15:26:34.0775 5508 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 2011/09/12 15:26:34.0869 5508 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/09/12 15:26:35.0040 5508 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/09/12 15:26:35.0181 5508 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/09/12 15:26:35.0196 5508 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/09/12 15:26:35.0243 5508 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/09/12 15:26:35.0274 5508 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/09/12 15:26:35.0321 5508 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/09/12 15:26:35.0383 5508 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/09/12 15:26:35.0430 5508 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/09/12 15:26:35.0477 5508 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/09/12 15:26:35.0524 5508 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/09/12 15:26:35.0571 5508 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/09/12 15:26:35.0617 5508 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/09/12 15:26:35.0664 5508 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/09/12 15:26:35.0711 5508 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/09/12 15:26:35.0820 5508 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/09/12 15:26:35.0945 5508 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/09/12 15:26:36.0007 5508 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/09/12 15:26:36.0023 5508 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/09/12 15:26:36.0070 5508 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2011/09/12 15:26:36.0085 5508 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/09/12 15:26:36.0163 5508 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/09/12 15:26:36.0210 5508 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/09/12 15:26:36.0241 5508 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/09/12 15:26:36.0288 5508 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/09/12 15:26:36.0335 5508 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/09/12 15:26:36.0382 5508 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/09/12 15:26:36.0397 5508 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/09/12 15:26:36.0429 5508 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/09/12 15:26:36.0444 5508 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/09/12 15:26:36.0507 5508 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/09/12 15:26:36.0569 5508 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/09/12 15:26:36.0616 5508 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/09/12 15:26:36.0663 5508 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/09/12 15:26:36.0694 5508 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/09/12 15:26:36.0741 5508 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/09/12 15:26:36.0803 5508 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/09/12 15:26:36.0850 5508 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/09/12 15:26:36.0897 5508 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/09/12 15:26:36.0928 5508 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/09/12 15:26:36.0975 5508 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/09/12 15:26:37.0053 5508 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/09/12 15:26:37.0146 5508 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/09/12 15:26:37.0193 5508 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/09/12 15:26:37.0271 5508 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys 2011/09/12 15:26:37.0427 5508 NVHDA (0e616537f3e12d4c9fb71181c2f21bd5) C:\Windows\system32\drivers\nvhda32v.sys 2011/09/12 15:26:37.0692 5508 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/09/12 15:26:37.0817 5508 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/09/12 15:26:37.0848 5508 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys 2011/09/12 15:26:37.0879 5508 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/09/12 15:26:37.0911 5508 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/09/12 15:26:38.0020 5508 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/09/12 15:26:38.0051 5508 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/09/12 15:26:38.0098 5508 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/09/12 15:26:38.0129 5508 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/09/12 15:26:38.0176 5508 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/09/12 15:26:38.0207 5508 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2011/09/12 15:26:38.0238 5508 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/09/12 15:26:38.0301 5508 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/09/12 15:26:38.0410 5508 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/09/12 15:26:38.0457 5508 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys 2011/09/12 15:26:38.0581 5508 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/09/12 15:26:38.0628 5508 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/09/12 15:26:38.0691 5508 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/09/12 15:26:38.0753 5508 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/09/12 15:26:38.0769 5508 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/09/12 15:26:38.0831 5508 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/09/12 15:26:38.0878 5508 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/09/12 15:26:38.0909 5508 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/09/12 15:26:38.0956 5508 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/09/12 15:26:39.0003 5508 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/09/12 15:26:39.0034 5508 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/09/12 15:26:39.0049 5508 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/09/12 15:26:39.0096 5508 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/09/12 15:26:39.0174 5508 RLDesignVirtualAudioCableWdm (f5cd7457fa2f0d1078992ccb77a546c4) C:\Windows\system32\DRIVERS\livecamv.sys 2011/09/12 15:26:39.0237 5508 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/09/12 15:26:39.0330 5508 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2011/09/12 15:26:39.0361 5508 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2011/09/12 15:26:39.0455 5508 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/09/12 15:26:39.0502 5508 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/09/12 15:26:39.0533 5508 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/09/12 15:26:39.0549 5508 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/09/12 15:26:39.0595 5508 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/09/12 15:26:39.0642 5508 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 2011/09/12 15:26:39.0658 5508 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/09/12 15:26:39.0689 5508 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 2011/09/12 15:26:39.0705 5508 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/09/12 15:26:39.0736 5508 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/09/12 15:26:39.0751 5508 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/09/12 15:26:39.0767 5508 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/09/12 15:26:39.0814 5508 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/09/12 15:26:39.0876 5508 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/09/12 15:26:39.0923 5508 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/09/12 15:26:39.0970 5508 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/09/12 15:26:40.0017 5508 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/09/12 15:26:40.0048 5508 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/09/12 15:26:40.0126 5508 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/09/12 15:26:40.0157 5508 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/09/12 15:26:40.0188 5508 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/09/12 15:26:40.0204 5508 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/09/12 15:26:40.0282 5508 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys 2011/09/12 15:26:40.0329 5508 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys 2011/09/12 15:26:40.0360 5508 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/09/12 15:26:40.0407 5508 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/09/12 15:26:40.0438 5508 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/09/12 15:26:40.0500 5508 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/09/12 15:26:40.0547 5508 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/09/12 15:26:40.0625 5508 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/09/12 15:26:40.0656 5508 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/09/12 15:26:40.0672 5508 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/09/12 15:26:40.0703 5508 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/09/12 15:26:40.0750 5508 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/09/12 15:26:40.0812 5508 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/09/12 15:26:40.0968 5508 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/09/12 15:26:41.0077 5508 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/09/12 15:26:41.0187 5508 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/09/12 15:26:41.0311 5508 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/09/12 15:26:41.0436 5508 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2011/09/12 15:26:41.0483 5508 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/09/12 15:26:41.0545 5508 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/09/12 15:26:41.0592 5508 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/09/12 15:26:41.0670 5508 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/09/12 15:26:41.0733 5508 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2011/09/12 15:26:41.0826 5508 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/09/12 15:26:41.0889 5508 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/09/12 15:26:41.0935 5508 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/09/12 15:26:41.0982 5508 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/09/12 15:26:42.0107 5508 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 2011/09/12 15:26:42.0247 5508 V0415Vid (d1f704a02aceec96f4e2252ba120fc68) C:\Windows\system32\DRIVERS\V0415Vid.sys 2011/09/12 15:26:42.0294 5508 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/09/12 15:26:42.0357 5508 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/09/12 15:26:42.0403 5508 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/09/12 15:26:42.0497 5508 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/09/12 15:26:42.0528 5508 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/09/12 15:26:42.0606 5508 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/09/12 15:26:42.0669 5508 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/09/12 15:26:42.0778 5508 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/09/12 15:26:42.0809 5508 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/09/12 15:26:42.0996 5508 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/09/12 15:26:43.0121 5508 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/09/12 15:26:43.0137 5508 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/09/12 15:26:43.0183 5508 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/09/12 15:26:43.0339 5508 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/09/12 15:26:43.0542 5508 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/09/12 15:26:43.0620 5508 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/09/12 15:26:43.0683 5508 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/09/12 15:26:43.0792 5508 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/09/12 15:26:43.0839 5508 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/09/12 15:26:43.0885 5508 MBR (0x1B8) (0519801742033545b239298c04ae2289) \Device\Harddisk1\DR1 2011/09/12 15:26:43.0917 5508 Boot (0x1200) (09ecf930fb0d9e59c1d03eae9552f266) \Device\Harddisk0\DR0\Partition0 2011/09/12 15:26:43.0963 5508 Boot (0x1200) (4da5aa2191d0a3e8709d94f4c7a665a9) \Device\Harddisk0\DR0\Partition1 2011/09/12 15:26:44.0010 5508 ================================================================================ 2011/09/12 15:26:44.0010 5508 Scan finished 2011/09/12 15:26:44.0010 5508 ================================================================================ 2011/09/12 15:26:44.0026 5500 Detected object count: 0 2011/09/12 15:26:44.0026 5500 Actual detected object count: 0 |
|
12.09.2011, 14:30
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach vermutlichem Virus Befall Daten weg ! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2011, 14:43
| #14 |
| | Nach vermutlichem Virus Befall Daten weg ! So .. Combofix Logfile: Code:
ATTFilter ComboFix 11-09-12.02 - Nico Fuhrmann 12.09.2011 15:35:42.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1854 [GMT 2:00]
ausgeführt von:: c:\users\Nico Fuhrmann\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\SystemData
c:\systemdata\41E816B4EFB28B3
c:\users\Nico Fuhrmann\AppData\Local\ConduitInstaller.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-08-12 bis 2011-09-12 ))))))))))))))))))))))))))))))
.
.
2011-09-12 11:52 . 2011-09-12 11:52 -------- d-----w- C:\_OTL
2011-09-11 18:06 . 2011-09-11 18:06 -------- d-----w- c:\program files\ESET
2011-09-11 14:34 . 2011-09-11 14:34 -------- d-----w- c:\users\Nico Fuhrmann\AppData\Roaming\Malwarebytes
2011-09-11 14:33 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-11 14:33 . 2011-09-11 14:33 -------- d-----w- c:\programdata\Malwarebytes
2011-09-11 14:33 . 2011-09-11 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-11 14:33 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-09 19:05 . 2011-09-09 19:05 -------- d-----w- c:\users\Nico Fuhrmann\AppData\Local\4A Games
2011-09-09 19:05 . 2011-09-09 19:05 -------- d-----w- c:\users\Nico Fuhrmann\AppData\Roaming\NVIDIA
2011-09-09 13:51 . 2011-09-09 13:51 -------- d-----w- c:\programdata\WindowsSearch
2011-08-31 14:35 . 2011-08-31 14:35 -------- d-----w- c:\users\Nico Fuhrmann\AppData\Roaming\dvdcss
2011-08-24 12:12 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-20 13:56 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-08-20 13:56 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-08-20 13:56 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-08-19 13:21 . 2011-08-19 13:21 -------- d-----w- c:\program files\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 13:53 . 2011-05-28 12:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 15:07 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-22 13:54 . 2011-08-11 14:11 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-06 15:31 . 2011-08-11 14:11 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-28 15:16 . 2011-05-28 08:10 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 15:16 . 2011-05-28 08:10 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-22 13:50 . 2011-06-22 12:57 183152 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-22 13:28 . 2011-06-22 12:57 139224 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-22 12:59 . 2011-06-22 12:59 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-22 12:57 . 2011-06-22 12:57 22328 ----a-w- c:\users\Nico Fuhrmann\AppData\Roaming\PnkBstrK.sys
2011-06-22 12:57 . 2011-06-22 12:57 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-06-22 12:57 . 2011-06-22 12:57 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-22 12:40 . 2011-06-22 12:40 646 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-06-21 15:49 . 2011-08-11 14:11 834048 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 14:13 . 2011-08-11 14:11 389632 ----a-w- c:\windows\system32\html.iec
2011-06-20 08:54 . 2011-08-11 14:11 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-11 14:11 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13 . 2011-08-11 14:11 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-11 14:11 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-09-07 11:28 . 2011-05-28 08:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Live! Central"="c:\program files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2008-08-22 438399]
"V0415Mon.exe"="c:\windows\V0415Mon.exe" [2008-08-06 28672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Nico Fuhrmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28 124480 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-15 15:34 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-04 17:42 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0415Mon.exe]
2008-08-06 15:00 28672 ----a-w- c:\windows\V0415Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-28 218688]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-08-12 135616]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
S3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\DRIVERS\V0415Vid.sys [2008-08-14 282464]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 42142481
*Deregistered* - 42142481
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 20:20]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 20:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2828561
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nico Fuhrmann\AppData\Roaming\Mozilla\Firefox\Profiles\m01tzwhl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2828561&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Uptodown_EN Toolbar - c:\progra~1\UPTODO~1\UNINST~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-12 15:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-12 15:42:57
ComboFix-quarantined-files.txt 2011-09-12 13:42
.
Vor Suchlauf: 10 Verzeichnis(se), 292.416.966.656 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 293.440.950.272 Bytes frei
.
- - End Of File - - EE51881CE894CBB713D66B2FB0B0541C
|
|
12.09.2011, 15:17
| #15 |
| | Nach vermutlichem Virus Befall Daten weg ! Scheint alles wieder da zu sein , muss ich jetz noch etwas tun =?= Gruss Nico |
|
| Themen zu Nach vermutlichem Virus Befall Daten weg ! |
| antivir, befall, daten, daten weg, desktop, einfach, firefox, fotos, games, hallo zusammen, hoffe, komplett, leer, musik, nichts, problem, videos, virus, virus befall, zusammen |
Textbox.
.
Linear-Darstellung
