Log analysis and evaluation: Security Sphere 2012 at first --> removed, now (still) BOO/TDss.D (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Security Sphere 2012 at first --> removed, now (still) BOO/TDss.D

Hello dear Trojaner-Board team,

I am brand new here, and my very first post is also a problem...

At first a tool called "Security Sphere 2012" suddenly appeared on my computer and "popped up" after every restart. I was able to remove it using the guide http://www.trojaner-board.de/103761-...entfernen.html. Great! Disillusionment set in fairly quickly, though: Avira came up with the following virus warning: "Master boot sector HD0"; unwanted program "BOO/TDss.D". Deleting it was/is not possible. After further research on the Internet and, among other things, a futile attempt to start the program tdsskiller.exe, I am finally turning to you personally with my problem.

The following information might also be useful:
- I needed Malwarebytes to remove Security Sphere, but the program keeps finding infections. The latest log file is attached.
- At irregular intervals a prompt pops up automatically asking me to please install iExplorer. Right now it is asking me to install Firefox (my actual browser). I have always declined (this is probably related to the virus as well).

I followed (or tried to follow) your points on creating a thread. The following deviations occurred:
- defogger did not prompt me to restart (I think that is unproblematic)
- I have a 32-bit system and therefore also followed point 3. On starting it, however, I got the attached error message. In addition, I have attached a picture of the selection in the Gmer program; the scan was run on that basis. The only result was: "GMER has not found system modification". The log file is empty.

Many thanks in advance for your support!

Best regards
Tim

OLT.txt
Code:
OTL logfile created on: 10/17/2011 1:16:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\skrti011\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.18 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 65.14% Memory free
6.35 Gb Paging File | 5.09 Gb Available in Paging File | 80.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.07 Gb Total Space | 43.97 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 9.61 Gb Free Space | 32.05% Space Free | Partition Type: NTFS

Computer Name: SKRTI011-PC | User Name: skrti011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/17 13:10:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTL.exe
PRC - [2011/10/17 10:51:34 | 000,192,000 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\04700\lvvm.exe
PRC - [2011/10/17 10:51:03 | 000,284,160 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\E0104\A5448.exe
PRC - [2011/10/17 09:56:02 | 000,176,640 | ---- | M] () -- C:\Program Files\Internet Explorer\48DE\B7C.exe
PRC - [2011/06/28 18:14:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 21:10:35 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/04 23:01:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/06/21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2010/06/02 16:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/12/03 01:37:30 | 002,684,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpressServer.exe
PRC - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/17 10:51:34 | 000,192,000 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\04700\lvvm.exe
MOD - [2011/10/17 10:51:03 | 000,284,160 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\E0104\A5448.exe
MOD - [2011/10/17 09:56:02 | 000,176,640 | ---- | M] () -- C:\Program Files\Internet Explorer\48DE\B7C.exe
MOD - [2011/10/15 09:06:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/15 09:06:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/15 09:05:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/15 09:04:37 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/15 09:04:28 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/07/26 16:27:00 | 000,010,856 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2010/02/12 16:20:04 | 000,031,840 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideops.dll
MOD - [2009/11/25 01:58:42 | 001,031,976 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\Language\DEU\P2GRC.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/11/02 23:20:02 | 000,144,680 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLVistaAudioMixer.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 18:14:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 21:10:35 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 05:41:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - [2011/06/28 18:14:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 18:14:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/09/14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/07/26 16:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/26 16:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvpciflt.sys -- (nvpciflt)
DRV - [2010/06/21 09:14:36 | 000,246,272 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/05/10 21:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2010/04/27 09:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 09:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\nusb3hub.sys -- (nusb3hub)
DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/03/16 22:30:36 | 000,482,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_DWA.SYS -- (DWA)
DRV - [2010/03/16 22:30:12 | 000,791,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_HWA.SYS -- (hwa)
DRV - [2010/03/16 18:49:00 | 000,140,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_RCI.SYS -- (HWARadio)
DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/02/26 23:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2009/08/13 08:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://medion.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57616

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57616
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/17 00:08:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/23 21:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 19:24:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/17 00:08:52 | 000,000,000 | ---D | M]

[2010/10/30 17:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skrti011\AppData\Roaming\mozilla\Extensions
[2010/10/30 17:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skrti011\AppData\Roaming\mozilla\Firefox\Profiles\cskd47h4.default\extensions
[2010/12/30 10:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/12/30 10:46:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/17 00:08:52 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/10/27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/10/27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [B7C.exe] C:\Program Files\Internet Explorer\48DE\B7C.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [B7C.exe] C:\Users\skrti011\AppData\Roaming\Microsoft\48DE\B7C.exe ()
F3 - HKCU WinNT: Load - (C:\Users\skrti011\AppData\Roaming\04700\lvvm.exe) -C:\Users\skrti011\AppData\Roaming\04700\lvvm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 10.120.136.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB5CB38F-18CC-4EB4-8415-2AAD680E5D04}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) -C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\skrti011\AppData\Roaming\E0104\A5448.exe) -C:\Users\skrti011\AppData\Roaming\E0104\A5448.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{675d2ed8-e479-11df-b508-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{675d2ed8-e479-11df-b508-806e6f6e6963}\Shell\AutoRun\command - "" = E:\web.exe html\INDEX.HTM
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.10.17 13:10:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTL.exe
[2011.10.17 12:21:09 | 003,313,664 | ---- | C] (Avira GmbH) -- C:\Users\skrti011\Desktop\bootwizard.exe
[2011.10.17 11:53:26 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTH.scr
[2011.10.17 11:26:06 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\hans.exe
[2011.10.17 11:16:45 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\tdsskiller.exe
[2011.10.17 10:34:28 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\Malwarebytes
[2011.10.17 10:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.17 10:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.17 10:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.17 09:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\04700
[2011.10.17 09:48:32 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\skrti011\Desktop\herbert2.exe
[2011.10.16 19:04:58 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\04700
[2011.10.16 19:04:37 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\E0104
[2011.10.16 19:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\cE01300MgKfO01300
[2011.10.11 19:54:32 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Local\{9D38B318-B402-40B0-8E22-5A80034D019C}
[2011.10.01 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\skrti011\Documents\Yvonne
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.17 13:18:30 | 000,176,640 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\iexplore.exe
[2011.10.17 13:10:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTL.exe
[2011.10.17 13:09:46 | 000,000,000 | ---- | M] () -- C:\Users\skrti011\defogger_reenable
[2011.10.17 13:06:59 | 000,050,477 | ---- | M] () -- C:\Users\skrti011\Desktop\Defogger.exe
[2011.10.17 12:51:50 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.17 12:51:50 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.17 12:50:59 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.17 12:50:59 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.17 12:50:59 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.17 12:50:59 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.17 12:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.17 12:43:52 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.17 12:21:16 | 003,313,664 | ---- | M] (Avira GmbH) -- C:\Users\skrti011\Desktop\bootwizard.exe
[2011.10.17 11:47:22 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTH.scr
[2011.10.17 11:24:58 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\hans.exe
[2011.10.17 11:16:52 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\tdsskiller.exe
[2011.10.17 10:34:10 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.17 10:32:22 | 000,000,150 | ---- | M] () -- C:\Users\skrti011\Desktop\rk-proxy.reg
[2011.10.17 10:32:02 | 000,000,130 | ---- | M] () -- C:\Users\skrti011\Desktop\hosts-perm.bat
[2011.10.17 09:49:12 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\skrti011\Desktop\herbert2.exe
[2011.10.17 09:44:26 | 001,008,092 | ---- | M] () -- C:\Users\skrti011\Desktop\martin.com
[2011.10.15 09:42:31 | 000,197,877 | ---- | M] () -- C:\Users\skrti011\Desktop\in-zeiten-des-abnehmenden-lichts.png
[2011.10.15 09:39:52 | 000,254,284 | ---- | M] () -- C:\Users\skrti011\Desktop\abgruende.png
[2011.10.15 09:03:29 | 000,290,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.01 19:44:28 | 000,006,934 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\.freeciv-client-rc-2.2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/11 19:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011.10.17 13:09:46 | 000,000,000 | ---- | C] () -- C:\Users\skrti011\defogger_reenable
[2011.10.17 13:06:59 | 000,050,477 | ---- | C] () -- C:\Users\skrti011\Desktop\Defogger.exe
[2011.10.17 12:45:09 | 000,176,640 | ---- | C] () -- C:\Users\skrti011\AppData\Roaming\iexplore.exe
[2011.10.17 10:34:10 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.17 10:32:00 | 000,000,130 | ---- | C] () -- C:\Users\skrti011\Desktop\hosts-perm.bat
[2011.10.17 09:57:51 | 000,000,150 | ---- | C] () -- C:\Users\skrti011\Desktop\rk-proxy.reg
[2011.10.17 09:45:59 | 001,008,092 | ---- | C] () -- C:\Users\skrti011\Desktop\martin.com
[2011.10.15 09:42:30 | 000,197,877 | ---- | C] () -- C:\Users\skrti011\Desktop\in-zeiten-des-abnehmenden-lichts.png
[2011.10.15 09:39:51 | 000,254,284 | ---- | C] () -- C:\Users\skrti011\Desktop\abgruende.png
[2011.02.17 00:03:55 | 000,256,258 | ---- | C] () -- C:\Windows\hpwins24.dat
[2010/08/09 15:26:45 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/08/09 06:37:40 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/08/09 06:37:39 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/08/09 06:37:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/27 08:56:50 | 000,408,168 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2010/07/27 08:56:50 | 000,352,325 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2010/05/12 15:13:56 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/12 15:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/12 15:13:56 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/12 15:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010/03/16 22:30:36 | 000,482,304 | ---- | C] () -- C:\Windows\System32\drivers\WSR_DWA.SYS
[2010/03/16 22:30:12 | 000,791,040 | ---- | C] () -- C:\Windows\System32\drivers\WSR_HWA.SYS
[2010/03/16 18:49:00 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\WSR_RCI.SYS
[2010.12.30 10:49:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.05 21:14:08 | 000,006,934 | ---- | C] () -- C:\Users\skrti011\AppData\Roaming\.freeciv-client-rc-2.2
[2010.08.14 00:50:46 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.08.14 00:50:45 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010.08.09 14:23:48 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2009/07/14 06:33:53 | 000,290,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- 
C:\Windows\System32\BWContextHandler.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.11.06 11:53:13 | 000,001,832 | ---- | C] () -- C:\Windows\hpwmdl24.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/04/21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll ========== LOP Check ========== [2010.10.30 16:51:55 | 000,000,000 | -HSD | M] -- C:\Users\skrti011\AppData\Roaming\.# [2010.11.05 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\.freeciv [2011.10.17 10:51:34 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\04700 [2010.10.31 13:36:00 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Ashampoo [2010.11.05 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\BitTorrent [2011.10.17 10:51:03 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\E0104 [2011.08.16 21:02:32 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Juniper Networks [2011.01.30 14:02:03 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Lexware [2011.10.11 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\SoftGrid Client [2010.10.30 17:43:34 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\TP [2011.10.03 11:41:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.20 19:19:57 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.12.20 08:22:18 | 000,000,000 | ---D | M] -- C:\Backup Ext. 
Festplatte [2011.03.21 19:17:09 | 000,000,000 | ---D | M] -- C:\Backup USB-Stick DFS 21.03.2011 [2011.10.15 01:34:25 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2010.10.30 16:09:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.09.03 13:19:23 | 000,000,000 | ---D | M] -- C:\Filme [2010.08.09 06:44:54 | 000,000,000 | ---D | M] -- C:\Intel [2011.10.17 10:34:06 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.17 10:34:10 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.03.05 18:23:39 | 000,000,000 | ---D | M] -- C:\Programme [2010.10.30 16:09:25 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.08.10 21:39:06 | 000,000,000 | ---D | M] -- C:\redcoon [2011.10.03 11:49:18 | 000,000,000 | ---D | M] -- C:\spiele [2011.10.17 13:18:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.10.30 16:17:06 | 000,000,000 | R--D | M] -- C:\Users [2011.10.17 09:54:41 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 
07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\procs\explorer.exe [2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX1\procs\explorer.exe [2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX2\procs\explorer.exe [2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX3\procs\explorer.exe [2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX4\procs\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\h\explorer.exe [2005.08.16 02:54:58 | 000,001,536 | ---- | M] 
() MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\skrti011\AppData\Local\Temp\RarSFX1\h\explorer.exe [2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\skrti011\AppData\Local\Temp\RarSFX2\h\explorer.exe [2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\skrti011\AppData\Local\Temp\RarSFX3\h\explorer.exe [2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\skrti011\AppData\Local\Temp\RarSFX4\h\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX1\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX2\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX3\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX4\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) 
MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX2\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX3\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX4\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-14 23:34:26 < End of report > |
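Editor's note, added after the post above and not part of it: a log this long is easier to read with a small first-pass triage. The script below is my own example, not the poster's and not a feature of OTL. It parses the OTL file/folder and "MD5 for:" entry format, then applies a handful of heuristics that are mine and nothing more than heuristics: executables in user-writable locations (AppData, ProgramData, Temp), folders with auto-generated alphanumeric names, files carrying a core Windows binary name outside \Windows\ or with a company string other than Microsoft, and one hash appearing under several different file names. SYSTEM_BINARY_NAMES, the extension list and the "three digits" threshold are assumptions I chose; the sample entries are copied from the log above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# OTL entry shapes handled:  [date time | size | attrs | C/M] (company) -- path
#                            [date time | size | attrs | M] (company) MD5=... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)\s*$"
)
# Core Windows binaries that belong under \Windows\ only (assumed list, mine).
SYSTEM_BINARY_NAMES = {
    "explorer.exe", "userinit.exe", "winlogon.exe", "wininit.exe",
    "regedit.exe", "svchost.exe", "csrss.exe", "lsass.exe",
}
EXEC_EXT = (".exe", ".com", ".scr", ".dll", ".sys", ".pif")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")
ALNUM_RE = re.compile(r"^[A-Za-z0-9]{4,}$")

@dataclass
class Entry:
    ts: str
    size: int
    attr: str
    op: str            # C = created, M = modified
    company: str
    md5: Optional[str]
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attr

def parse_otl(text: str) -> list[Entry]:
    """Parse OTL file/folder and 'MD5 for:' entries; every other line is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(
                ts=m["ts"], size=int(m["size"].replace(",", "")), attr=m["attr"],
                op=m["op"], company=(m["company"] or "").strip(),
                md5=m["md5"].upper() if m["md5"] else None, path=m["path"],
            ))
    return entries

def looks_random(name: str) -> bool:
    """Rogue-AV style folder names: pure alphanumerics with at least three digits."""
    return bool(ALNUM_RE.match(name)) and sum(c.isdigit() for c in name) >= 3

def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Return {path: [reasons]} for entries that deserve a closer look."""
    findings: dict[str, list[str]] = defaultdict(list)
    names_by_md5: dict[str, set[str]] = defaultdict(set)
    for e in entries:
        low, name = e.path.lower(), e.name.lower()
        if e.is_dir and looks_random(e.name):
            findings[e.path].append("auto-generated folder name")
        if not e.is_dir and name.endswith(EXEC_EXT) and any(d in low for d in USER_WRITABLE):
            findings[e.path].append("executable in user-writable location")
        if name in SYSTEM_BINARY_NAMES:
            if "\\windows\\" not in low:
                findings[e.path].append("Windows binary name outside \\Windows\\")
            if e.company and e.company != "Microsoft Corporation":
                findings[e.path].append(f"Windows binary name but company '{e.company}'")
        if e.md5:
            names_by_md5[e.md5].add(name)
    for e in entries:  # one binary shipped under several names (same hash, different basenames)
        if e.md5 and len(names_by_md5[e.md5]) > 1:
            findings[e.path].append("same MD5 under several file names")
    return dict(findings)

# Constructed sample: a dozen entries copied from the OTL log in the post above.
SAMPLE_LOG = r"""
[2011.10.17 12:45:09 | 000,176,640 | ---- | C] () -- C:\Users\skrti011\AppData\Roaming\iexplore.exe
[2011.10.17 09:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\04700
[2011.10.16 19:04:58 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\04700
[2011.10.16 19:04:37 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\E0104
[2011.10.16 19:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\cE01300MgKfO01300
[2011.10.17 13:10:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTL.exe
[2011.10.17 10:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_otl(SAMPLE_LOG)).items():
        print(f"{path}\n    - " + "\n    - ".join(reasons))
```

Run against the sample it leaves the Windows copies, OTL.exe and the Malwarebytes folder alone and flags AppData\Roaming\iexplore.exe, the 04700 / E0104 / cE01300MgKfO01300 folders and the RarSFX0 copies of explorer.exe, userinit.exe and winlogon.exe. Treat every hit as a lead for a human, not a verdict: RarSFX* folders are simply where self-extracting archives unpack, and a NirSoft company string is a legitimate tool vendor, so it is the combination (system-binary name, non-Microsoft vendor, identical hash under two names, inside Temp) that makes those entries worth asking about. Note also what a file listing cannot show: the BOO/TDss.D detection Avira reports is in the master boot record, which is not a file, so this kind of triage complements an MBR check rather than replacing it.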