
Log analysis and evaluation: Malware Trace, HEUR/HTML.Malware

29.10.2011, 23:45   #1
sternchen222
 
Hello everyone,

For quite some time now Avira has been reporting virus detections to me over and over. I've contented myself with removing them with a mouse click. Looking at the history, there seem to be several problems on my PC. I partly attribute this to the fact that in the past I installed some toolbars in good faith (and hardly managed to get rid of them again). On the other hand, friends sometimes surf on this computer too, which I don't supervise. I've often received the HTML script alerts listed below while surfing (Firefox), e.g. in forums.

Excerpt from the Avira quarantine:
26.07.2010: Enthält Erkennungsmuster des HTML-Scriptvirus HTML/FlashFrame.Gen
11.12.2010: Ist das Trojanische Pferd TR/Code.tae (FreeYouTubeDownloader.exe)
09.02.2011: Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen2
10.04.2011: Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen
29.10.2011: Enthält verdächtigen Code: HEUR/HTML.Malware

So the computer seems to be heavily infested, but I don't notice anything... except that it's slow. The reason I'm only really getting "active" now is that an acquaintance said the PC would have to be wiped. I hope that's not the only solution?!

I must have gotten the malware alert 20 times today and then ran a full scan with Malwarebytes. I couldn't update my version though, it was pretty outdated... It showed me Malware Trace as a finding (I'd had that before too); it could be removed but kept coming back. I've installed the current version and will run another full scan tomorrow.

I'm attaching the OTL log, but I can't find an Extras log on my desktop.

I would be very, very grateful for help! :-) Thanks in advance.

Best regards
Attached files
File type: txt OTL.Txt (84.2 KB, viewed 199 times)

30.10.2011, 00:13   #2
mmk
 
Good evening & welcome,
just a few remarks.

Quote:
Originally posted by sternchen222
For quite some time now Avira has been reporting virus detections to me over and over. I've contented myself with removing them with a mouse click.
Misjudging the situation like that can grow into a considerably bigger problem. Ideally, right after an alert you would post it, e.g. in a specialist forum, for assessment. Take that as a recommendation for the future.

Sometimes such alerts are also false positives; having the findings deleted then, even without an actual infection, can impair the system or the programs in use if relevant files were wrongly classified as malware.

Conversely, for an alert about a "real" piece of malware a mouse click may not be enough if the virus scanner, for example, only detected one of several components. So every single alert should be followed up accordingly.

Quote:
Looking at the history, there seem to be several problems on my PC.
It would be good if you could additionally post the complete detection history of your virus scanner, including the respective locations of the findings.

Quote:
I partly attribute this to the fact that in the past I installed some toolbars in good faith (and hardly managed to get rid of them again).
As long as the alerts had referred exclusively to "harmless" toolbars, that wouldn't be so bad, apart from the fact that a lot of that stuff ultimately accumulates into unnecessary ballast that also enlarges the attack surface.

Quote:
On the other hand, friends sometimes surf on this computer too, which I don't supervise.
You should consider giving them only a guest or limited account. I don't know your friends and therefore don't know how "fit" they are on the subject, but you are the admin of your system and should make that clear accordingly.


Quote:
I've often received the HTML script alerts listed below while surfing (Firefox), e.g. in forums.

Quote:
Excerpt from the Avira quarantine:
Code:
26.07.2010: Enthält Erkennungsmuster des HTML-Scriptvirus HTML/FlashFrame.Gen
09.02.2011: Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen2
10.04.2011: Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen
29.10.2011: Enthält verdächtigen Code: HEUR/HTML.Malware
         
If the heuristic alerts were correct, these can be indications of infected websites that infect vulnerable systems "drive-by" when visited, i.e. in passing, without any further interaction by the user.

Quote:
So the computer seems to be heavily infested,
It may. It doesn't have to be. If the exploits find no attack surface, no malware can get onto your system and become active there. (No, findings in the browser cache do not necessarily mean an infection of the system!)

Quote:
but I don't notice anything...
You don't necessarily notice anything of infections either. There are very conspicuous ones, deliberately designed to be conspicuous, like scareware, but on the other hand also ones deliberately designed to be inconspicuous, e.g. when we're talking about malware that spies on personal data.

Quote:
except that it's slow.
That can be an indication too, but doesn't have to be. Keyloggers, for example, don't need much bandwidth and send only small amounts of data; they also generate only minimal load. You don't notice that at all. Conversely, a merely "cluttered" system can also result in a slow system without any malware being involved.

Quote:
The reason I'm only really getting "active" now is that an acquaintance said the PC would have to be wiped. I hope that's not the only solution?!
That depends in part on how the further results turn out. I haven't looked at the OTL log yet.

Quote:
I've installed the current version and will run another full scan tomorrow.
That information would then be important as well.

That's it for now & good night!

30.10.2011, 19:45   #3
sternchen222
 
Thank you very much for taking on my problem! And for the general education about viruses and co.

As promised, I ran the Malwarebytes full scan again. The result again shows the Malware Trace and two other infected files. I removed everything and restarted, but according to the log it apparently didn't work. I wanted to delete the files infected with the AdwareAgent, but I couldn't find them.

Since I couldn't figure out how to create a log with Avira, I took two screenshots. I hope they help you. Almost everything is on them.

Have a nice evening and best regards
Thumbnails of attached images
Malware Trace, HEUR/HTML.Malware-avira1.jpg   Malware Trace, HEUR/HTML.Malware-avira2.jpg
Attached files
File type: txt mbam-log-2011-10-30 (19-12-53).txt (1.2 KB, viewed 164 times)

02.11.2011, 19:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Datenbank Version: 7622
You didn't update Malwarebytes beforehand. Please update and run a full scan.

Quote:
-> No action taken.
The findings must be removed with Malwarebytes! Please do so if you haven't already!

03.11.2011, 21:16   #5
sternchen222
 
Hello cosinus,

here is the new Malwarebytes log; this time I was also able to remove the findings.

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8077

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

03.11.2011 21:07:43
mbam-log-2011-11-03 (21-07-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 369675
Laufzeit: 1 Stunde(n), 31 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
I didn't get an Extras log from the last OTL scan. Before that I had already run OTL once, but I noticed afterwards that I hadn't closed all programs. That scan did save an Extras file, though. I'm attaching it as well.

Code:
OTL Extras logfile created on: 29.10.2011 21:21:13 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\So\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,44 Gb Available Physical Memory | 25,38% Memory free
4,70 Gb Paging File | 2,88 Gb Available in Paging File | 61,16% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 77,02 Gb Total Space | 18,35 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
Drive D: | 72,03 Gb Total Space | 38,28 Gb Free Space | 53,14% Space Free | Partition Type: NTFS
Drive E: | 29,95 Gb Total Space | 24,33 Gb Free Space | 81,26% Space Free | Partition Type: FAT32
Drive F: | 44,52 Gb Total Space | 39,13 Gb Free Space | 87,88% Space Free | Partition Type: NTFS
Drive I: | 465,65 Gb Total Space | 300,63 Gb Free Space | 64,56% Space Free | Partition Type: FAT32
 
Computer Name: PCSO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 5B 58 63 BF B9 E1 C8 01  [binary data]
"VistaSp2" = C8 4D 26 5D 77 23 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2118127535-916424629-4213236669-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021795EB-81EC-407D-9DF0-E70996D5E22E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0A4BD74B-C4D9-446D-9AE6-07960038A7DA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0ACB1E45-F3D5-45C0-AA7E-DE42E38E1C23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0C3EC31F-0B28-4B74-9F6D-6F56D84E596B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{19B54CDD-7FAC-46FC-8188-0E435F7C3F55}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2EE2763B-3FDE-4BFE-8275-F13DD8A2A906}" = rport=445 | protocol=6 | dir=out | app=system | 
"{458BF1F7-B839-42B9-BBD6-91585D478F0E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{48B4B075-1BB3-4197-8C6B-CAC31F89A2ED}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{51720420-B885-45D4-B5D7-53A642C63E6B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5423E9AD-962B-4C42-84BB-4F72AA1C1691}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{570834E7-0FF2-454E-8222-FD0841EF6936}" = lport=137 | protocol=17 | dir=in | app=system | 
"{57D29779-5DFB-460B-8811-9555977CABEE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5B31DB6A-5609-4FCE-B5B6-FD4DA7FA26BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{600E4BFD-80EB-48CB-845C-592821FEF389}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{62A09606-0540-4676-8923-1C87AAB827F0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6A678C4F-2216-4D45-B0BD-FF93D2743030}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78BD6815-396C-47A5-A500-F58D43B60784}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{89FE74BA-6728-4AF5-8DEF-7F36C5B9C011}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C6BBB5E-D13F-4850-AE6A-FDAB8C9C0745}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4D6F4F7-0D76-48D5-A70D-6BDD4D67FE08}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BCF966DF-A9B9-4E76-9380-25915896E4A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0A49C04-5685-449B-B986-E7C5D3FA5044}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CCB190B7-0FB5-4E68-9566-8D358F2F6ACC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D9CE5C56-C93D-4734-B937-BE7696901755}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DAA1D14C-679F-41E0-8508-3801BBC84BCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC05199A-D33F-4C03-BE9C-86D83342FCB1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F268D66A-2048-4DEF-879D-63001C3CA664}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04670F03-1E49-40D7-AB1E-9F4ECB050C85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0761EC0A-7562-46D8-86DB-E4ED7EB685DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nicknaeck\counter-strike source\hl2.exe | 
"{09900AF7-6DD6-407D-8357-A27F59631F5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13883946-5FE4-4E42-BA12-4B62512B6D46}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{18E751CF-DCCE-4C40-96A2-B048EA86186D}" = protocol=17 | dir=in | app=d:\downloads1\3gpconvertersetup.exe | 
"{271FB02D-9D53-47A3-9878-1195FA11E85F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DAADADB-4F98-443D-9541-6331CECB513D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{40EFA562-35F2-477F-AE75-18F3548CDB11}" = protocol=17 | dir=in | app=e:\datein\videotomp3setup.exe | 
"{442E7DDC-EA20-4CD9-885E-2493FB09A494}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nicknaeck\counter-strike source\hl2.exe | 
"{51020141-49FA-4847-ACDD-C133E88CFBAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{51194E55-777C-4CBB-9DF1-234AD63D437D}" = protocol=6 | dir=in | app=d:\downloads1\3gpconvertersetup.exe | 
"{531F781A-D180-4140-97CA-8244B2943DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nicknaeck\counter-strike source\hl2.exe | 
"{55F34907-EE3A-45B9-BAD3-A5E8685A3329}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B906C24-5589-47C8-B885-7481D6E94D42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{70364E01-6973-4268-BE42-87D47CB19DB3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{79DF2E7F-1A95-4845-853F-11ADA79CE5AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{879CCDC6-099D-4869-BB73-48DBE65B54E0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{890FC08E-DF44-43E2-9E61-C5D6D039DFCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{894B4EF3-10EB-480E-93B3-095FB8607B03}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{92CE9962-50A7-42FF-93FE-50321D93C8AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9D5A044A-63AF-4B06-A957-4D1BDC38F969}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9ED7E567-2DC5-4F77-8D9B-0695ABC00C5B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A27D6188-E2AD-4AE4-B7B4-E336B90DC42A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nicknaeck\counter-strike source\hl2.exe | 
"{B5491A4E-6FD1-43A3-92D2-2F7AC7863879}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B8276490-4060-48E4-B260-DA96172ABA49}" = protocol=6 | dir=out | app=system | 
"{BC65ABA5-AAED-4A36-8B91-9A9013C3FB34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6F01717-37A0-41DF-AEF6-E1144CF827A4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C90A92AF-BE45-4BE9-B669-BA9D20D075C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D167E20C-DA9D-464A-96DC-EA2B95056C03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D606405B-4F26-41A2-8BBA-5D1C4FEABA31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D6CE066B-A1E6-4944-B31D-9B4A7AD9B3B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAC96FCA-DE1E-437D-AD6C-FD6190769372}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E522A3F1-2D90-479B-B927-DD360992CE2E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F857B3A7-3423-4B72-9F9A-30913F5750FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCA90AD9-F47A-41E0-857C-441CD3108AE9}" = protocol=6 | dir=in | app=e:\datein\videotomp3setup.exe | 
"TCP Query User{16D4877F-2515-40C7-8A1B-8FBA0617AFB1}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{4B755E65-9535-45EA-B722-634F13064412}C:\users\so\appdata\roaming\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\so\appdata\roaming\icq6.5\icq.exe | 
"TCP Query User{546094A7-859A-424F-9796-7AB130550B2B}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{D83318E6-A38D-4427-81F3-BF08FD8FAB9C}C:\users\so\appdata\roaming\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\so\appdata\roaming\icq6.5\icq.exe | 
"UDP Query User{3A45EF18-E234-46F6-BC63-AAF17AE38013}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{91C5241C-C7CD-4042-A66A-79C9C5E9BEFA}C:\users\so\appdata\roaming\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\so\appdata\roaming\icq6.5\icq.exe | 
"UDP Query User{9C5687FD-281F-4A45-BD71-A704F7DC5636}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{BDF836C7-656B-4386-8885-72C6D8EFEF9E}C:\users\so\appdata\roaming\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\so\appdata\roaming\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"VistaFirewallControl (x64)_is1" = VistaFirewallControl 1.0.7.134
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GoldWave v5.06" = GoldWave v5.06
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Revo Uninstaller" = Revo Uninstaller 1.83
"SpeedCommander 9" = SpeedCommander 9
"Steam App 240" = Counter-Strike: Source
"SystemInfo_is1" = SystemInfo 1.0.1.7
"SystemRequirementsLab" = System Requirements Lab
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.11
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2009 10:03:26 | Computer Name = PCSo | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2009 11:03:26 | Computer Name = PCSo | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2009 12:03:25 | Computer Name = PCSo | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2009 13:03:26 | Computer Name = PCSo | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2009 14:03:25 | Computer Name = PCSo | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2009 15:03:25 | Computer Name = PCSo | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2009 16:03:25 | Computer Name = PCSo | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2009 17:03:26 | Computer Name = PCSo | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2009 18:03:25 | Computer Name = PCSo | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2009 19:03:26 | Computer Name = PCSo | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 27.10.2011 07:52:01 | Computer Name = PCSo | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 27.10.2011 07:53:12 | Computer Name = PCSo | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.10.2011 07:53:12 | Computer Name = PCSo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.10.2011 07:53:12 | Computer Name = PCSo | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 29.10.2011 08:55:36 | Computer Name = PCSo | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 29.10.2011 08:55:37 | Computer Name = PCSo | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = 
 
Error - 29.10.2011 08:56:18 | Computer Name = PCSo | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 29.10.2011 08:57:31 | Computer Name = PCSo | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 29.10.2011 08:57:31 | Computer Name = PCSo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.10.2011 08:57:31 | Computer Name = PCSo | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
Kind regards


Alt 03.11.2011, 21:55   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please also run ESET, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 04.11.2011, 18:06   #7
sternchen222
 

Here is the ESET log:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetesets_scanner_update returned -1 esets_gle=41217
ESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=61a20685c68efc4c901515db5d12454d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-04 05:04:01
# local_time=2011-11-04 06:04:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 5543 95322805 77832 0
# compatibility_mode=5892 16776573 100 56 4926 157950147 0 0
# compatibility_mode=8192 67108863 100 0 5023 5023 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
         

Alt 04.11.2011, 19:41   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please produce a new OTL log

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete content of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 04.11.2011, 20:10   #9
sternchen222
 

Done! Thanks for responding so quickly here

Code:
OTL logfile created on: 04.11.2011 19:51:04 - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\So\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,95% Memory free
4,70 Gb Paging File | 3,48 Gb Available in Paging File | 74,10% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 77,02 Gb Total Space | 15,07 Gb Free Space | 19,56% Space Free | Partition Type: NTFS
Drive D: | 72,03 Gb Total Space | 38,21 Gb Free Space | 53,04% Space Free | Partition Type: NTFS
Drive E: | 29,95 Gb Total Space | 23,53 Gb Free Space | 78,58% Space Free | Partition Type: FAT32
Drive F: | 44,52 Gb Total Space | 39,13 Gb Free Space | 87,88% Space Free | Partition Type: NTFS
 
Computer Name: PCSO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.21 06:41:35 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.21 06:41:29 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.24 15:15:26 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011.06.04 16:44:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\So\Desktop\OTL.exe
PRC - [2010.11.15 20:02:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.04 16:44:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\So\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.19 09:00:40 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2007.03.29 13:21:16 | 000,433,152 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\VistaFirewallControl\VistaFirewallService.exe -- (VistaFirewallService)
SRV - [2011.10.15 16:08:04 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.21 06:41:35 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.21 06:41:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.24 15:15:26 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.21 06:41:36 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.09.21 06:41:36 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.02.11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.29 17:22:42 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05)
DRV:64bit: - [2009.03.25 16:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009.03.25 16:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.03.25 16:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.03.25 16:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009.03.25 16:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV:64bit: - [2009.03.25 16:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.03.25 16:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008.11.11 22:40:17 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008.01.19 08:09:56 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008.01.19 07:36:12 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\irda.sys -- (irda)
DRV:64bit: - [2008.01.19 07:36:11 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\irsir.sys -- (irsir)
DRV:64bit: - [2007.12.10 14:21:56 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2007.02.20 17:28:43 | 000,144,812 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2005.01.04 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Speedbit Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.speedbit.com/search.aspx?aff=grbr_0&q="
FF - prefs.js..browser.search.order.1: "Speedbit Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.speedbit.com/search.aspx?aff=grbr_0&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.daemon-search.com/default"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.09.03 14:11:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.25 13:14:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.12 12:10:20 | 000,000,000 | ---D | M]
 
[2009.01.10 12:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011.11.04 17:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions
[2009.08.23 13:08:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.04 23:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2011.04.25 12:09:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.10 18:37:11 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.02.26 17:22:12 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.12.22 16:41:46 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.02.26 17:22:25 | 000,000,873 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\conduit.xml
[2011.05.07 10:22:13 | 000,002,342 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icq-search.xml
[2011.09.03 14:04:19 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin-1.xml
[2011.05.13 19:13:02 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin.xml
[2011.10.12 13:00:25 | 000,002,520 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\speedbit.xml
[2011.05.07 10:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- 
[2011.09.03 14:11:31 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX
[2011.06.25 13:14:19 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.10 18:37:09 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.02 10:38:32 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Users\user\AppData\Local\CDRunner\MSDXM.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [VistaFirewallControl] C:\Programme\VistaFirewallControl\VistaFirewallControl.exe (Sphinx Software)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.68.161.141 217.68.161.171
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Users\user\AppData\Local\CDRunner\MSDXM.ocx ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\Shell - "" = AutoRun
O33 - MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk - C:\PROGRA~2\Adobe\READER~1.0\Reader\READER~1.EXE - (Adobe Systems Incorporated)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE - (Adobe Systems Incorporated)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig:64bit - StartUpReg: DXM6Patch_981116 - hkey= - key= - C:\Windows\p_981116.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ICQ Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LDM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogitechGalleryRepair - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogitechImageStudioTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LVCOMS - hkey= - key= - C:\Program Files (x86)\Common Files\Logitech\QCDriver3\LVCOMS.EXE (Logitech Inc.)
MsConfig:64bit - StartUpReg: QCDriverInstaller - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RealTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.04 17:53:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe
[2011.11.04 17:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.03 19:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.03 19:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.27 11:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.10.12 13:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2011.10.12 13:00:09 | 000,172,032 | ---- | C] (Jin Hui    E-mail: jinhui@jcomsoft.com   Web: hxxp://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx
[2011.10.12 13:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2007.02.07 18:13:00 | 000,369,152 | ---- | C] (NVIDIA Corporation) -- C:\Programme\NVUninst.exe
[2007.02.07 18:13:00 | 000,369,152 | ---- | C] (NVIDIA Corporation) -- C:\Programme\nvudisp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.04 19:31:50 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.04 19:31:50 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.04 19:11:54 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.04 17:53:25 | 002,322,184 | ---- | M] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe
[2011.11.04 17:32:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.04 17:32:05 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.11.04 17:31:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.03 19:14:17 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 11:46:40 | 001,445,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.03 11:46:40 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.03 11:46:40 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.03 11:46:40 | 000,126,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.03 11:46:40 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.01 18:29:31 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.10.29 21:02:45 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable
[2011.10.12 17:20:45 | 000,257,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.12 13:00:08 | 000,109,216 | ---- | M] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011.10.12 13:00:08 | 000,090,784 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011.10.12 12:10:20 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
 
========== Files Created - No Company Name ==========
 
[2011.11.03 19:14:17 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.29 21:02:45 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable
[2011.10.12 13:00:23 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011.10.12 13:00:23 | 000,090,784 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011.04.02 10:49:58 | 000,005,061 | ---- | C] () -- C:\ProgramData\jdhdxjyu.jga
[2011.02.20 14:36:09 | 000,000,467 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.03.17 13:56:38 | 000,005,048 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.03 21:20:41 | 000,004,913 | ---- | C] () -- C:\ProgramData\mnjemahv.gza
[2010.01.03 20:54:04 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2009.11.27 21:11:37 | 000,034,610 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.11.27 21:09:12 | 000,034,610 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.29 17:22:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2009.08.22 22:49:42 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.08.22 22:49:07 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.08.22 22:48:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.08.22 10:24:49 | 000,000,732 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps64.dat
[2009.02.25 18:15:42 | 000,283,070 | ---- | C] () -- C:\Users\user\AppData\Local\vdrapet_nav.dat
[2009.02.25 18:15:12 | 000,000,328 | ---- | C] () -- C:\Users\user\AppData\Local\vdrapet_navps.dat
[2009.02.25 18:15:11 | 000,000,089 | ---- | C] () -- C:\Users\user\AppData\Local\vdrapet.bat
[2009.02.25 18:15:09 | 000,002,906 | ---- | C] () -- C:\Users\user\AppData\Local\vdrapet.dat
[2009.01.27 16:04:28 | 000,275,267 | ---- | C] () -- C:\Users\user\AppData\Local\zmrfjfb_nav.dat
[2009.01.27 16:03:57 | 000,002,905 | ---- | C] () -- C:\Users\user\AppData\Local\zmrfjfb.dat
[2009.01.27 16:03:57 | 000,000,311 | ---- | C] () -- C:\Users\user\AppData\Local\zmrfjfb_navps.dat
[2009.01.27 16:03:57 | 000,000,089 | ---- | C] () -- C:\Users\user\AppData\Local\zmrfjfb.bat
[2009.01.20 19:53:46 | 000,003,680 | ---- | C] () -- C:\Users\user\AppData\Roaming\Sys2657a.DLL
[2008.11.12 17:43:36 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008.08.22 11:07:16 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.06.27 08:49:18 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.02.24 18:05:13 | 000,000,060 | ---- | C] () -- C:\Windows\mpsettings.ini
[2007.02.24 17:54:18 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007.02.24 17:54:18 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2007.02.21 14:30:55 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2007.02.21 14:26:41 | 000,000,792 | ---- | C] () -- C:\Windows\_delis32.ini
[2007.02.21 14:25:07 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2007.02.18 17:10:19 | 000,144,812 | ---- | C] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2007.02.18 15:14:17 | 000,061,952 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.18 13:39:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.02.17 15:49:18 | 000,000,047 | ---- | C] () -- C:\Windows\wininit.ini
[2007.02.17 14:47:32 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2007.02.07 18:13:00 | 006,802,354 | ---- | C] () -- C:\Programme\NvCpl.dl_
[2007.02.07 18:13:00 | 004,976,822 | ---- | C] () -- C:\Programme\nvDispS.dl_
[2007.02.07 18:13:00 | 004,937,205 | ---- | C] () -- C:\Programme\data1.cab
[2007.02.07 18:13:00 | 004,547,123 | ---- | C] () -- C:\Programme\nvoglv64.dl_
[2007.02.07 18:13:00 | 004,478,646 | ---- | C] () -- C:\Programme\nvlddmkm.sy_
[2007.02.07 18:13:00 | 003,747,051 | ---- | C] () -- C:\Programme\nvd3dumx.dl_
[2007.02.07 18:13:00 | 003,425,576 | ---- | C] () -- C:\Programme\nvoglv32.dl_
[2007.02.07 18:13:00 | 003,167,904 | ---- | C] () -- C:\Programme\nvViTvS.dl_
[2007.02.07 18:13:00 | 003,136,116 | ---- | C] () -- C:\Programme\nvDispSR.dl_
[2007.02.07 18:13:00 | 002,787,424 | ---- | C] () -- C:\Programme\nvGameS.dl_
[2007.02.07 18:13:00 | 002,772,524 | ---- | C] () -- C:\Programme\nvd3dum.dl_
[2007.02.07 18:13:00 | 002,700,075 | ---- | C] () -- C:\Programme\nvViTvSR.dl_
[2007.02.07 18:13:00 | 001,619,145 | ---- | C] () -- C:\Programme\nvMoblSR.dl_
[2007.02.07 18:13:00 | 001,477,239 | ---- | C] () -- C:\Programme\nvwgf2umx.dl_
[2007.02.07 18:13:00 | 001,442,231 | ---- | C] () -- C:\Programme\nvwss.dl_
[2007.02.07 18:13:00 | 001,104,385 | ---- | C] () -- C:\Programme\nvGameSR.dl_
[2007.02.07 18:13:00 | 000,983,968 | ---- | C] () -- C:\Programme\nvwssr.dl_
[2007.02.07 18:13:00 | 000,940,236 | ---- | C] () -- C:\Programme\nvwgf2um.dl_
[2007.02.07 18:13:00 | 000,923,140 | ---- | C] () -- C:\Programme\nvcplui.ex_
[2007.02.07 18:13:00 | 000,729,554 | ---- | C] () -- C:\Programme\nvMoblS.dl_
[2007.02.07 18:13:00 | 000,459,544 | ---- | C] () -- C:\Programme\engine32.cab
[2007.02.07 18:13:00 | 000,435,969 | ---- | C] () -- C:\Programme\setup.ibt
[2007.02.07 18:13:00 | 000,368,989 | ---- | C] () -- C:\Programme\DPInst.ex_
[2007.02.07 18:13:00 | 000,339,712 | ---- | C] () -- C:\Programme\nvcpluir.dl_
[2007.02.07 18:13:00 | 000,247,609 | ---- | C] () -- C:\Programme\setup.inx
[2007.02.07 18:13:00 | 000,237,685 | ---- | C] () -- C:\Programme\nvdspJPN.chm
[2007.02.07 18:13:00 | 000,223,301 | ---- | C] () -- C:\Programme\nvdspKOR.chm
[2007.02.07 18:13:00 | 000,222,683 | ---- | C] () -- C:\Programme\nvdspTHA.chm
[2007.02.07 18:13:00 | 000,218,823 | ---- | C] () -- C:\Programme\nvdspELL.chm
[2007.02.07 18:13:00 | 000,218,813 | ---- | C] () -- C:\Programme\nvdspCHT.chm
[2007.02.07 18:13:00 | 000,213,815 | ---- | C] () -- C:\Programme\nvdspCHS.chm
[2007.02.07 18:13:00 | 000,210,619 | ---- | C] () -- C:\Programme\nvdspSKY.chm
[2007.02.07 18:13:00 | 000,209,771 | ---- | C] () -- C:\Programme\nvapi64.dl_
[2007.02.07 18:13:00 | 000,209,645 | ---- | C] () -- C:\Programme\nvdspRUS.chm
[2007.02.07 18:13:00 | 000,207,771 | ---- | C] () -- C:\Programme\nvdspSLV.chm
[2007.02.07 18:13:00 | 000,207,223 | ---- | C] () -- C:\Programme\nvdspHUN.chm
[2007.02.07 18:13:00 | 000,206,647 | ---- | C] () -- C:\Programme\nvdspPLK.chm
[2007.02.07 18:13:00 | 000,206,549 | ---- | C] () -- C:\Programme\nvdspHEB.chm
[2007.02.07 18:13:00 | 000,204,597 | ---- | C] () -- C:\Programme\nvdspTRK.chm
[2007.02.07 18:13:00 | 000,204,403 | ---- | C] () -- C:\Programme\nvdspCSY.chm
[2007.02.07 18:13:00 | 000,201,575 | ---- | C] () -- C:\Programme\nvdspARA.chm
[2007.02.07 18:13:00 | 000,200,469 | ---- | C] () -- C:\Programme\nvdspDEU.chm
[2007.02.07 18:13:00 | 000,199,129 | ---- | C] () -- C:\Programme\nvdspFIN.chm
[2007.02.07 18:13:00 | 000,198,663 | ---- | C] () -- C:\Programme\nvdspITA.chm
[2007.02.07 18:13:00 | 000,196,205 | ---- | C] () -- C:\Programme\nvdspNLD.chm
[2007.02.07 18:13:00 | 000,195,673 | ---- | C] () -- C:\Programme\nvdspPTG.chm
[2007.02.07 18:13:00 | 000,195,361 | ---- | C] () -- C:\Programme\nvdspPTB.chm
[2007.02.07 18:13:00 | 000,193,581 | ---- | C] () -- C:\Programme\nvdspESN.chm
[2007.02.07 18:13:00 | 000,193,463 | ---- | C] () -- C:\Programme\nvdspESM.chm
[2007.02.07 18:13:00 | 000,189,993 | ---- | C] () -- C:\Programme\nvdspFRA.chm
[2007.02.07 18:13:00 | 000,188,933 | ---- | C] () -- C:\Programme\nvdspDAN.chm
[2007.02.07 18:13:00 | 000,187,583 | ---- | C] () -- C:\Programme\nvdspSVE.chm
[2007.02.07 18:13:00 | 000,187,317 | ---- | C] () -- C:\Programme\nvdspNOR.chm
[2007.02.07 18:13:00 | 000,182,726 | ---- | C] () -- C:\Programme\nvdspENG.chm
[2007.02.07 18:13:00 | 000,180,024 | ---- | C] () -- C:\Programme\nvexpbar.dl_
[2007.02.07 18:13:00 | 000,179,765 | ---- | C] () -- C:\Programme\nvmccs.dl_
[2007.02.07 18:13:00 | 000,176,756 | ---- | C] () -- C:\Programme\setup.bmp
[2007.02.07 18:13:00 | 000,174,806 | ---- | C] () -- C:\Programme\nvwks.chm
[2007.02.07 18:13:00 | 000,167,166 | ---- | C] () -- C:\Programme\nvMccsSR.dl_
[2007.02.07 18:13:00 | 000,165,141 | ---- | C] () -- C:\Programme\nvdsp.chm
[2007.02.07 18:13:00 | 000,150,523 | ---- | C] () -- C:\Programme\nvapi.dl_
[2007.02.07 18:13:00 | 000,144,702 | ---- | C] () -- C:\Programme\nvMccsS.dl_
[2007.02.07 18:13:00 | 000,121,583 | ---- | C] () -- C:\Programme\nv3dJPN.chm
[2007.02.07 18:13:00 | 000,118,515 | ---- | C] () -- C:\Programme\nvcpl.chm
[2007.02.07 18:13:00 | 000,116,419 | ---- | C] () -- C:\Programme\nv3dTHA.chm
[2007.02.07 18:13:00 | 000,114,785 | ---- | C] () -- C:\Programme\nv3dKOR.chm
[2007.02.07 18:13:00 | 000,112,929 | ---- | C] () -- C:\Programme\nv3dELL.chm
[2007.02.07 18:13:00 | 000,112,507 | ---- | C] () -- C:\Programme\nv3dCHT.chm
[2007.02.07 18:13:00 | 000,112,329 | ---- | C] () -- C:\Programme\nvcpljpn.chm
[2007.02.07 18:13:00 | 000,111,801 | ---- | C] () -- C:\Programme\nv3dHEB.chm
[2007.02.07 18:13:00 | 000,111,149 | ---- | C] () -- C:\Programme\nvcpltha.chm
[2007.02.07 18:13:00 | 000,110,855 | ---- | C] () -- C:\Programme\nv3dPLK.chm
[2007.02.07 18:13:00 | 000,110,495 | ---- | C] () -- C:\Programme\nvcplell.chm
[2007.02.07 18:13:00 | 000,110,193 | ---- | C] () -- C:\Programme\nv3dARA.chm
[2007.02.07 18:13:00 | 000,109,903 | ---- | C] () -- C:\Programme\nv3dTRK.chm
[2007.02.07 18:13:00 | 000,109,697 | ---- | C] () -- C:\Programme\nv3dSKY.chm
[2007.02.07 18:13:00 | 000,109,653 | ---- | C] () -- C:\Programme\nvcplplk.chm
[2007.02.07 18:13:00 | 000,109,511 | ---- | C] () -- C:\Programme\nvcpltrk.chm
[2007.02.07 18:13:00 | 000,109,375 | ---- | C] () -- C:\Programme\nvcplslv.chm
[2007.02.07 18:13:00 | 000,109,255 | ---- | C] () -- C:\Programme\nv3dRUS.chm
[2007.02.07 18:13:00 | 000,109,143 | ---- | C] () -- C:\Programme\nvcplsky.chm
[2007.02.07 18:13:00 | 000,108,949 | ---- | C] () -- C:\Programme\nvcplheb.chm
[2007.02.07 18:13:00 | 000,108,949 | ---- | C] () -- C:\Programme\nvcplfin.chm
[2007.02.07 18:13:00 | 000,108,857 | ---- | C] () -- C:\Programme\nv3dCHS.chm
[2007.02.07 18:13:00 | 000,108,793 | ---- | C] () -- C:\Programme\nvcplhun.chm
[2007.02.07 18:13:00 | 000,108,619 | ---- | C] () -- C:\Programme\nv3dESN.chm
[2007.02.07 18:13:00 | 000,108,587 | ---- | C] () -- C:\Programme\nvcplkor.chm
[2007.02.07 18:13:00 | 000,108,497 | ---- | C] () -- C:\Programme\nvcplcsy.chm
[2007.02.07 18:13:00 | 000,108,491 | ---- | C] () -- C:\Programme\nvcplrus.chm
[2007.02.07 18:13:00 | 000,108,161 | ---- | C] () -- C:\Programme\nv3dDEU.chm
[2007.02.07 18:13:00 | 000,108,159 | ---- | C] () -- C:\Programme\nvcplcht.chm
[2007.02.07 18:13:00 | 000,107,901 | ---- | C] () -- C:\Programme\nv3dCSY.chm
[2007.02.07 18:13:00 | 000,107,787 | ---- | C] () -- C:\Programme\nvcplara.chm
[2007.02.07 18:13:00 | 000,107,715 | ---- | C] () -- C:\Programme\nvcplesn.chm
[2007.02.07 18:13:00 | 000,107,513 | ---- | C] () -- C:\Programme\nv3dSLV.chm
[2007.02.07 18:13:00 | 000,107,365 | ---- | C] () -- C:\Programme\nvcplita.chm
[2007.02.07 18:13:00 | 000,107,051 | ---- | C] () -- C:\Programme\nv3dESM.chm
[2007.02.07 18:13:00 | 000,106,941 | ---- | C] () -- C:\Programme\nvcplchs.chm
[2007.02.07 18:13:00 | 000,106,877 | ---- | C] () -- C:\Programme\nv3dHUN.chm
[2007.02.07 18:13:00 | 000,106,659 | ---- | C] () -- C:\Programme\nvcplptg.chm
[2007.02.07 18:13:00 | 000,106,571 | ---- | C] () -- C:\Programme\nvcplptb.chm
[2007.02.07 18:13:00 | 000,106,513 | ---- | C] () -- C:\Programme\nvcpldeu.chm
[2007.02.07 18:13:00 | 000,106,245 | ---- | C] () -- C:\Programme\nvcplesm.chm
[2007.02.07 18:13:00 | 000,106,081 | ---- | C] () -- C:\Programme\nv3dFIN.chm
[2007.02.07 18:13:00 | 000,105,249 | ---- | C] () -- C:\Programme\nvcplsve.chm
[2007.02.07 18:13:00 | 000,105,211 | ---- | C] () -- C:\Programme\nvcplnld.chm
[2007.02.07 18:13:00 | 000,105,121 | ---- | C] () -- C:\Programme\nvcplfra.chm
[2007.02.07 18:13:00 | 000,105,025 | ---- | C] () -- C:\Programme\nvcplnor.chm
[2007.02.07 18:13:00 | 000,104,809 | ---- | C] () -- C:\Programme\nvcpldan.chm
[2007.02.07 18:13:00 | 000,104,399 | ---- | C] () -- C:\Programme\nv3dITA.chm
[2007.02.07 18:13:00 | 000,104,183 | ---- | C] () -- C:\Programme\nvcpleng.chm
[2007.02.07 18:13:00 | 000,102,981 | ---- | C] () -- C:\Programme\nv3dPTG.chm
[2007.02.07 18:13:00 | 000,102,633 | ---- | C] () -- C:\Programme\nv3dPTB.chm
[2007.02.07 18:13:00 | 000,102,439 | ---- | C] () -- C:\Programme\nv3dDAN.chm
[2007.02.07 18:13:00 | 000,102,065 | ---- | C] () -- C:\Programme\nv3dNLD.chm
[2007.02.07 18:13:00 | 000,101,943 | ---- | C] () -- C:\Programme\nv3dSVE.chm
[2007.02.07 18:13:00 | 000,101,863 | ---- | C] () -- C:\Programme\nv3dFRA.chm
[2007.02.07 18:13:00 | 000,100,923 | ---- | C] () -- C:\Programme\nv3dNOR.chm
[2007.02.07 18:13:00 | 000,099,167 | ---- | C] () -- C:\Programme\nv3dENG.chm
[2007.02.07 18:13:00 | 000,095,638 | ---- | C] () -- C:\Programme\NvColor.ex_
[2007.02.07 18:13:00 | 000,090,934 | ---- | C] () -- C:\Programme\nv3d.chm
[2007.02.07 18:13:00 | 000,068,593 | ---- | C] () -- C:\Programme\setup.skin
[2007.02.07 18:13:00 | 000,060,169 | ---- | C] () -- C:\Programme\nvmobJPN.chm
[2007.02.07 18:13:00 | 000,058,989 | ---- | C] () -- C:\Programme\nvmobKOR.chm
[2007.02.07 18:13:00 | 000,058,989 | ---- | C] () -- C:\Programme\nvmobCHT.chm
[2007.02.07 18:13:00 | 000,058,975 | ---- | C] () -- C:\Programme\nvmobTHA.chm
[2007.02.07 18:13:00 | 000,058,433 | ---- | C] () -- C:\Programme\nvmobELL.chm
[2007.02.07 18:13:00 | 000,058,265 | ---- | C] () -- C:\Programme\nvmobHEB.chm
[2007.02.07 18:13:00 | 000,058,009 | ---- | C] () -- C:\Programme\nvmobCHS.chm
[2007.02.07 18:13:00 | 000,057,505 | ---- | C] () -- C:\Programme\nvmobPLK.chm
[2007.02.07 18:13:00 | 000,057,271 | ---- | C] () -- C:\Programme\nvmobARA.chm
[2007.02.07 18:13:00 | 000,057,135 | ---- | C] () -- C:\Programme\nvmobHUN.chm
[2007.02.07 18:13:00 | 000,057,085 | ---- | C] () -- C:\Programme\nvmobTRK.chm
[2007.02.07 18:13:00 | 000,057,065 | ---- | C] () -- C:\Programme\nvmobRUS.chm
[2007.02.07 18:13:00 | 000,057,003 | ---- | C] () -- C:\Programme\nvmobSKY.chm
[2007.02.07 18:13:00 | 000,056,769 | ---- | C] () -- C:\Programme\nvmobSLV.chm
[2007.02.07 18:13:00 | 000,056,641 | ---- | C] () -- C:\Programme\nvmobFIN.chm
[2007.02.07 18:13:00 | 000,056,411 | ---- | C] () -- C:\Programme\nvmobCSY.chm
[2007.02.07 18:13:00 | 000,055,905 | ---- | C] () -- C:\Programme\nvmobITA.chm
[2007.02.07 18:13:00 | 000,055,873 | ---- | C] () -- C:\Programme\nvmobDEU.chm
[2007.02.07 18:13:00 | 000,055,639 | ---- | C] () -- C:\Programme\nvmobPTG.chm
[2007.02.07 18:13:00 | 000,055,539 | ---- | C] () -- C:\Programme\nvmobESM.chm
[2007.02.07 18:13:00 | 000,055,527 | ---- | C] () -- C:\Programme\nvmobESN.chm
[2007.02.07 18:13:00 | 000,055,457 | ---- | C] () -- C:\Programme\nvmobNLD.chm
[2007.02.07 18:13:00 | 000,055,387 | ---- | C] () -- C:\Programme\nvmobSVE.chm
[2007.02.07 18:13:00 | 000,055,351 | ---- | C] () -- C:\Programme\nvmobPTB.chm
[2007.02.07 18:13:00 | 000,055,343 | ---- | C] () -- C:\Programme\nvmobFRA.chm
[2007.02.07 18:13:00 | 000,055,235 | ---- | C] () -- C:\Programme\nvmobNOR.chm
[2007.02.07 18:13:00 | 000,055,183 | ---- | C] () -- C:\Programme\nvmobDAN.chm
[2007.02.07 18:13:00 | 000,054,994 | ---- | C] () -- C:\Programme\nvmob.chm
[2007.02.07 18:13:00 | 000,054,939 | ---- | C] () -- C:\Programme\nvmobENG.chm
[2007.02.07 18:13:00 | 000,038,693 | ---- | C] () -- C:\Programme\NvMCTray.dl_
[2007.02.07 18:13:00 | 000,036,075 | ---- | C] () -- C:\Programme\nvcpl.cp_
[2007.02.07 18:13:00 | 000,035,171 | ---- | C] () -- C:\Programme\nv_disp.inf
[2007.02.07 18:13:00 | 000,033,121 | ---- | C] () -- C:\Programme\nvsvc64.dl_
[2007.02.07 18:13:00 | 000,029,080 | ---- | C] () -- C:\Programme\data1.hdr
[2007.02.07 18:13:00 | 000,025,008 | ---- | C] () -- C:\Programme\NvApps.xm_
[2007.02.07 18:13:00 | 000,011,089 | ---- | C] () -- C:\Programme\NvwsApps.xm_
[2007.02.07 18:13:00 | 000,007,772 | ---- | C] () -- C:\Programme\nvmccsrs.dl_
[2007.02.07 18:13:00 | 000,003,411 | ---- | C] () -- C:\Programme\nvdisp.nvu
[2007.02.07 18:13:00 | 000,000,862 | ---- | C] () -- C:\Programme\setup.ini
[2007.02.07 18:13:00 | 000,000,512 | ---- | C] () -- C:\Programme\data2.cab
[2007.02.07 18:13:00 | 000,000,510 | ---- | C] () -- C:\Programme\layout.bin
[2007.02.07 18:13:00 | 000,000,431 | ---- | C] () -- C:\Programme\setup.iss
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.05.09 05:32:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.19 13:30:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2010.01.08 22:07:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FLVPlayer4Free
[2010.01.09 20:12:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeFLVConverter
[2010.12.12 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Neoretix
[2010.03.22 11:57:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2010.03.22 11:52:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony Setup
[2011.11.03 21:46:38 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.02.01 13:07:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2011.04.03 00:37:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avira
[2009.03.17 20:33:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DivX
[2011.05.09 05:32:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.19 13:30:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2010.01.08 22:07:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FLVPlayer4Free
[2010.01.09 20:12:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeFLVConverter
[2007.02.17 15:58:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2011.04.03 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2011.03.01 16:59:13 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2009.01.10 12:52:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
[2010.12.12 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Neoretix
[2007.02.17 15:38:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org2
[2010.03.22 11:57:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2010.03.22 11:52:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony Setup
[2007.02.20 20:01:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\teamspeak2
[2007.02.17 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\vlc
[2009.01.14 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.03.22 11:56:12 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2010.11.16 20:55:32 | 002,596,864 | ---- | M] (Neoretix Laboratory) -- C:\Users\user\AppData\Roaming\Neoretix\TubeHunter Ultra\TubeHunter.exe
[2010.03.22 11:53:42 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\Users\user\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.11.02 13:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.07 13:29:17 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 09:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.03.07 13:29:17 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 12:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 09:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 12:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 13:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 09:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 12:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 09:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.11.02 10:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll
[2007.04.04 19:02:17 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2008.01.19 09:04:23 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.19 08:32:19 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2007.04.04 19:02:17 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2007.04.04 19:02:19 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2006.11.02 12:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2007.04.04 19:02:18 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 12:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 09:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 09:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006.11.02 12:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 09:00:45 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 12:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.19 07:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.19 07:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 10:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

Alt 04.11.2011, 20:30   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware Trace, HEUR/HTML.Malware - Standard

Malware Trace, HEUR/HTML.Malware



Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Speedbit Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.speedbit.com/search.aspx?aff=grbr_0&q="
FF - prefs.js..browser.search.order.1: "Speedbit Search"
FF - prefs.js..keyword.URL: "http://search.speedbit.com/search.aspx?aff=grbr_0&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/default"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
[2011.04.25 12:09:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.10 18:37:11 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.02.26 17:22:12 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.12.22 16:41:46 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.02.26 17:22:25 | 000,000,873 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\conduit.xml
[2011.05.07 10:22:13 | 000,002,342 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icq-search.xml
[2011.09.03 14:04:19 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin-1.xml
[2011.05.13 19:13:02 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin.xml
[2011.10.12 13:00:25 | 000,002,520 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\speedbit.xml
[2010.06.10 18:37:09 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Users\user\AppData\Local\CDRunner\MSDXM.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\Shell - "" = AutoRun
O33 - MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\Shell\AutoRun\command - "" = I:\AutoRun.exe
[2011.10.12 13:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2011.10.12 13:00:09 | 000,172,032 | ---- | C] (Jin Hui    E-mail: jinhui@jcomsoft.com   Web: http://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx
[2011.10.12 13:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2011.04.02 10:49:58 | 000,005,061 | ---- | C] () -- C:\ProgramData\jdhdxjyu.jga
[2010.03.17 13:56:38 | 000,005,048 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.03 21:20:41 | 000,004,913 | ---- | C] () -- C:\ProgramData\mnjemahv.gza
[2010.01.03 20:54:04 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may restart.

The entries, files and folders fixed by this script are not deleted completely; as a safeguard, a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created for this one user in this particular situation only. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
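
As an added example (not from this thread, and not part of OTL itself), the following Python script parses pasted OTL log lines of the kinds shown above and flags the indicator classes the fix targets: redirected Firefox search/homepage prefs, toolbar extensions, MountPoints2 AutoRun commands, random-named data files in ProgramData, and live system files whose MD5 matches no WinSxS copy. The regexes are assumptions derived from the line formats in this thread; the sample log is constructed from lines above plus one placeholder (all-zero) hash to exercise the mismatch case.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Line formats are assumptions inferred from the OTL lines pasted in this thread.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) |(?P<nomd5>Unable to obtain MD5) )?"
    r"-- (?P<path>.+)$"
)
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<name>[^:]+): "(?P<value>.*)"$')
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
# eight random lowercase letters plus a made-up three-letter extension
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.[a-z]{3}$")
# prefs that search hijackers rewrite; matched on the suffix so that the
# "<toolbar>.previous.*" backup copies are reported too
SEARCH_PREFS = ("browser.search.defaultenginename", "browser.search.defaulturl",
                "browser.search.order.1", "browser.search.selectedEngine",
                "keyword.URL", "browser.startup.homepage")
LIVE_DIRS = ("\\sysnative\\", "\\syswow64\\", "\\system32\\")


def parse_file_entry(line):
    """Return the fields of an OTL file/folder entry as a dict, or None."""
    m = FILE_RE.match(line)
    return m.groupdict() if m else None


def analyse_otl(lines):
    """Scan pasted OTL log lines; return a list of (category, detail) findings."""
    findings = []
    hashes = defaultdict(lambda: {"live": [], "winsxs": []})  # basename -> MD5s
    for raw in lines:
        line = raw.strip()
        m = PREF_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("value")
            if value and name.endswith(SEARCH_PREFS):
                host = urlparse(value).hostname if value.startswith("http") else value
                findings.append(("ff_search_pref", f"{name} -> {host}"))
            continue
        m = AUTORUN_RE.match(line)
        if m:  # AutoRun command registered for a (removable) mount point
            findings.append(("mountpoint_autorun", m.group("cmd")))
            continue
        e = parse_file_entry(line)
        if not e:
            continue
        folder, _, name = e["path"].rpartition("\\")
        company = (e["company"] or "").strip('"')
        lower_path = e["path"].lower()
        if "toolbar" in company.lower() and "\\extensions\\" in lower_path:
            findings.append(("ff_toolbar_extension", company))
        elif folder.lower() == "c:\\programdata" and RANDOM_NAME_RE.match(name):
            findings.append(("random_programdata_file", name))
        elif e["nomd5"] and any(d in lower_path for d in LIVE_DIRS):
            # OTL could not hash a live system file: worth a manual look
            findings.append(("md5_unreadable_system_file", e["path"]))
        elif e["md5"]:
            key = "winsxs" if "\\winsxs\\" in lower_path else "live"
            hashes[name.lower()][key].append(e["md5"].upper())
    # A live system file whose MD5 matches none of the WinSxS component copies
    # was changed outside Windows servicing; a patched system file is a classic
    # rootkit sign and a reason to escalate rather than just run a fix.
    for name, h in hashes.items():
        for md5 in h["live"]:
            if h["winsxs"] and md5 not in h["winsxs"]:
                findings.append(("md5_mismatch_system_file", f"{name} {md5}"))
    return findings


# Constructed sample: lines copied from the log/fix above, plus one winlogon.exe
# entry with a placeholder all-zero hash to exercise the mismatch check.
SAMPLE_LOG = r"""
FF - prefs.js..browser.search.defaultenginename: "Speedbit Search"
FF - prefs.js..browser.search.defaulturl: "http://search.speedbit.com/search.aspx?aff=grbr_0&q="
FF - prefs.js..keyword.URL: "http://search.speedbit.com/search.aspx?aff=grbr_0&q="
FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/default"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
[2011.04.25 12:09:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O33 - MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\Shell\AutoRun\command - "" = I:\AutoRun.exe
[2011.04.02 10:49:58 | 000,005,061 | ---- | C] () -- C:\ProgramData\jdhdxjyu.jga
[2010.03.17 13:56:38 | 000,005,048 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011.10.12 13:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
"""

if __name__ == "__main__":
    for category, detail in analyse_otl(SAMPLE_LOG.splitlines()):
        print(f"{category:28} {detail}")
```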

Alt 04.11.2011, 20:50   #11
sternchen222
 
Malware Trace, HEUR/HTML.Malware - Standard

Malware Trace, HEUR/HTML.Malware



The restart has been done. Wow, 3.8 GB were removed?

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Speedbit Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.speedbit.com/search.aspx?aff=grbr_0&q=" removed from browser.search.defaulturl
Prefs.js: "Speedbit Search" removed from browser.search.order.1
Prefs.js: "hxxp://search.speedbit.com/search.aspx?aff=grbr_0&q=" removed from keyword.URL
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "DAEMON Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "hxxp://www.daemon-search.com/default" removed from browser.startup.homepage
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\lib folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\lib folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\conduit.xml moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icq-search.xml moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\speedbit.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E718888-423F-11D2-876E-00A0C9082467} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}\ deleted successfully.
C:\Users\user\AppData\Local\CDRunner\MSDXM.ocx moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{060a9c05-b08d-11dd-baf3-00138ffc017b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{060a9c05-b08d-11dd-baf3-00138ffc017b}\ not found.
File I:\AutoRun.exe not found.
C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate folder moved successfully.
C:\Program Files (x86)\Common Files\SpeedBit folder moved successfully.
C:\Windows\SysWOW64\AniGIF.ocx moved successfully.
C:\ProgramData\SpeedBit folder moved successfully.
C:\ProgramData\jdhdxjyu.jga moved successfully.
C:\ProgramData\mtbjfghn.xbe moved successfully.
C:\ProgramData\mnjemahv.gza moved successfully.
C:\ProgramData\xqkcebzs.dik moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 348385 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: So
->Temp folder emptied: 36591319 bytes
->Temporary Internet Files folder emptied: 12276150 bytes
->Java cache emptied: 1080779 bytes
->FireFox cache emptied: 44135976 bytes
->Flash cache emptied: 1933940 bytes
 
User: user
->Temp folder emptied: 3670233246 bytes
->Temporary Internet Files folder emptied: 5017828 bytes
->Java cache emptied: 39504 bytes
->FireFox cache emptied: 51804629 bytes
->Flash cache emptied: 1124 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73050744 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 106334946 bytes
 
Total Files Cleaned = 3.817,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.23.0 log created on 11042011_203802

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000002FAF3A918FB3E955B8 not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Alt 04.11.2011, 21:12   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition, which is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!




If the infection has left you unable to access your documents / My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
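
The log that cosinus asks for above runs to a few hundred driver entries, and the helper's job is to find the handful that TDSSKiller did not report as "ok". The following is an added example, not code from this thread, from Kaspersky or from Trojaner-Board: a small Python parser for the TDSSKiller log format as it appears in the log posted in this thread. It assumes only the four line shapes visible there (file line with MD5 and path, "- ok", "( verdict ) - warning", "- detected verdict (n)"); the function names, the `Finding` record and the sample log are constructed for the example.

```python
import re
from typing import Dict, List, NamedTuple

# Added example (not part of the thread): parse a TDSSKiller scan log in the format
# shown in this thread and list every object the scanner did not mark as "ok".
#
# Line shapes handled (time and process id come first, then whitespace, then the object):
#   <time> <pid>  <name>   (<md5>) <path>            file line for a driver/service
#   <time> <pid>  <name> - ok                        clean verdict
#   <time> <pid>  <name> ( <verdict> ) - warning     e.g. an unsigned file
#   <time> <pid>  <name> - detected <verdict> (<n>)
# The prefix uses \s+ rather than a literal tab so a log pasted into a forum post,
# where tabs often become spaces, still parses.
PREFIX = r"^\S+\s+\d+\s+"
FILE_RE = re.compile(PREFIX + r"(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
OK_RE = re.compile(PREFIX + r"(\S+) - ok$")
WARN_RE = re.compile(PREFIX + r"(\S+)\s+\(\s*(\S+)\s*\) - warning$")
DETECT_RE = re.compile(PREFIX + r"(\S+) - detected (\S+) \((\d+)\)$")

SEVERITY = {"ok": 0, "warning": 1, "detected": 2}


class Finding(NamedTuple):
    name: str
    status: str   # "ok", "warning" or "detected"
    verdict: str  # TDSSKiller verdict string, empty for clean objects
    md5: str      # empty when the object had no file line (service without an image)
    path: str


def parse_tdsskiller(text: str) -> List[Finding]:
    """Return one Finding per scanned object, keeping the most severe status seen."""
    files: Dict[str, tuple] = {}
    results: Dict[str, Finding] = {}

    def record(name: str, status: str, verdict: str) -> None:
        md5, path = files.get(name, ("", ""))
        prev = results.get(name)
        # A "warning" followed by "detected" for the same object must end as detected,
        # and a later "ok" must never downgrade an earlier warning.
        if prev is None or SEVERITY[status] >= SEVERITY[prev.status]:
            results[name] = Finding(name, status, verdict, md5, path)

    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = OK_RE.match(line)
        if m:
            record(m.group(1), "ok", "")
            continue
        m = WARN_RE.match(line)
        if m:
            record(m.group(1), "warning", m.group(2))
            continue
        m = DETECT_RE.match(line)
        if m:
            record(m.group(1), "detected", m.group(2))
    return list(results.values())


def suspicious(findings: List[Finding]) -> List[Finding]:
    """Everything the scanner did not mark as ok, in log order."""
    return [f for f in findings if f.status != "ok"]


# Constructed sample: a few lines shaped like the log posted in this thread.
SAMPLE_LOG = "\n".join([
    "21:20:50.0342 3304\tScan started",
    "21:20:50.0732 3304\tacedrv05        (056faaff049ca7237194065423307189) C:\\Windows\\system32\\drivers\\acedrv05.sys",
    "21:20:50.0873 3304\tacedrv05 ( UnsignedFile.Multi.Generic ) - warning",
    "21:20:50.0873 3304\tacedrv05 - detected UnsignedFile.Multi.Generic (1)",
    "21:20:50.0951 3304\tACPI            (1965aaffab07e3fb03c77f81beba3547) C:\\Windows\\system32\\drivers\\acpi.sys",
    "21:20:51.0029 3304\tACPI - ok",
    "21:20:52.0795 3304\tblbdrive - ok",
])

if __name__ == "__main__":
    for f in suspicious(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{f.status:8} {f.name:16} {f.verdict:28} {f.md5} {f.path}")
```

Run against the full log, the only non-ok object in the part shown so far is acedrv05 with the verdict UnsignedFile.Multi.Generic, which the SigCheck mode assigns to driver files that carry no valid digital signature; that is a reason to look at the file (hash lookup, vendor, install date), not a malware verdict on its own, which is exactly why the helper asks for "skip" and the full log rather than deletion.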

Alt 04.11.2011, 21:24   #13
sternchen222
 
Code:
21:20:06.0903 3968	TDSS rootkit removing tool 2.6.15.0 Nov  3 2011 17:15:49
21:20:06.0926 3968	============================================================
21:20:06.0926 3968	Current date / time: 2011/11/04 21:20:06.0926
21:20:06.0926 3968	SystemInfo:
21:20:06.0926 3968	
21:20:06.0927 3968	OS Version: 6.0.6002 ServicePack: 2.0
21:20:06.0927 3968	Product type: Workstation
21:20:06.0927 3968	ComputerName: PCSO
21:20:06.0927 3968	UserName: user
21:20:06.0927 3968	Windows directory: C:\Windows
21:20:06.0927 3968	System windows directory: C:\Windows
21:20:06.0927 3968	Running under WOW64
21:20:06.0927 3968	Processor architecture: Intel x64
21:20:06.0927 3968	Number of processors: 1
21:20:06.0927 3968	Page size: 0x1000
21:20:06.0927 3968	Boot type: Normal boot
21:20:06.0927 3968	============================================================
21:20:07.0925 3968	Initialize success
21:20:50.0342 3304	============================================================
21:20:50.0342 3304	Scan started
21:20:50.0342 3304	Mode: Manual; SigCheck; TDLFS; 
21:20:50.0342 3304	============================================================
21:20:50.0732 3304	acedrv05        (056faaff049ca7237194065423307189) C:\Windows\system32\drivers\acedrv05.sys
21:20:50.0873 3304	acedrv05 ( UnsignedFile.Multi.Generic ) - warning
21:20:50.0873 3304	acedrv05 - detected UnsignedFile.Multi.Generic (1)
21:20:50.0951 3304	ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
21:20:51.0029 3304	ACPI - ok
21:20:51.0107 3304	adp94xx         (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
21:20:51.0201 3304	adp94xx - ok
21:20:51.0279 3304	adpahci         (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
21:20:51.0342 3304	adpahci - ok
21:20:51.0404 3304	adpu160m        (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
21:20:51.0420 3304	adpu160m - ok
21:20:51.0467 3304	adpu320         (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
21:20:51.0482 3304	adpu320 - ok
21:20:51.0592 3304	AFD             (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
21:20:51.0701 3304	AFD - ok
21:20:51.0764 3304	agp440          (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys
21:20:51.0779 3304	agp440 - ok
21:20:51.0810 3304	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
21:20:51.0826 3304	aic78xx - ok
21:20:51.0873 3304	aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
21:20:51.0873 3304	aliide - ok
21:20:51.0920 3304	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
21:20:51.0920 3304	amdide - ok
21:20:51.0967 3304	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
21:20:52.0139 3304	AmdK8 - ok
21:20:52.0248 3304	arc             (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys
21:20:52.0264 3304	arc - ok
21:20:52.0295 3304	arcsas          (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys
21:20:52.0310 3304	arcsas - ok
21:20:52.0373 3304	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
21:20:52.0435 3304	AsyncMac - ok
21:20:52.0467 3304	atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
21:20:52.0467 3304	atapi - ok
21:20:52.0545 3304	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:20:52.0639 3304	avgntflt - ok
21:20:52.0685 3304	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
21:20:52.0701 3304	avipbb - ok
21:20:52.0795 3304	blbdrive - ok
21:20:52.0842 3304	bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
21:20:52.0889 3304	bowser - ok
21:20:52.0920 3304	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
21:20:53.0060 3304	BrFiltLo - ok
21:20:53.0123 3304	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
21:20:53.0170 3304	BrFiltUp - ok
21:20:53.0201 3304	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
21:20:53.0389 3304	Brserid - ok
21:20:53.0420 3304	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
21:20:53.0498 3304	BrSerWdm - ok
21:20:53.0967 3304	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
21:20:54.0092 3304	BrUsbMdm - ok
21:20:54.0498 3304	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
21:20:54.0576 3304	BrUsbSer - ok
21:20:54.0732 3304	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
21:20:54.0842 3304	BTHMODEM - ok
21:20:54.0998 3304	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
21:20:55.0107 3304	cdfs - ok
21:20:55.0264 3304	cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
21:20:55.0342 3304	cdrom - ok
21:20:55.0389 3304	circlass        (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
21:20:55.0467 3304	circlass - ok
21:20:55.0514 3304	CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
21:20:55.0576 3304	CLFS - ok
21:20:55.0748 3304	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
21:20:55.0810 3304	cmdide - ok
21:20:56.0435 3304	Compbatt        (0e77a445640bf310817f60941c50560c) C:\Windows\system32\drivers\compbatt.sys
21:20:56.0467 3304	Compbatt - ok
21:20:56.0498 3304	crcdisk         (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
21:20:56.0514 3304	crcdisk - ok
21:20:56.0639 3304	DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
21:20:56.0701 3304	DfsC - ok
21:20:56.0748 3304	disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
21:20:56.0764 3304	disk - ok
21:20:56.0826 3304	drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
21:20:56.0873 3304	drmkaud - ok
21:20:56.0904 3304	dump_wmimmc - ok
21:20:56.0967 3304	DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
21:20:57.0045 3304	DXGKrnl - ok
21:20:57.0357 3304	E1G60           (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
21:20:57.0435 3304	E1G60 - ok
21:20:57.0717 3304	Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
21:20:57.0764 3304	Ecache - ok
21:20:57.0873 3304	elxstor         (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
21:20:57.0920 3304	elxstor - ok
21:20:58.0045 3304	exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
21:20:58.0092 3304	exfat - ok
21:20:58.0154 3304	fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
21:20:58.0201 3304	fastfat - ok
21:20:58.0279 3304	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
21:20:58.0342 3304	fdc - ok
21:20:58.0420 3304	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
21:20:58.0467 3304	FileInfo - ok
21:20:58.0514 3304	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
21:20:58.0576 3304	Filetrace - ok
21:20:58.0654 3304	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:20:58.0701 3304	flpydisk - ok
21:20:58.0826 3304	FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
21:20:58.0857 3304	FltMgr - ok
21:20:58.0951 3304	Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
21:20:58.0982 3304	Fs_Rec - ok
21:20:59.0060 3304	gagp30kx        (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
21:20:59.0076 3304	gagp30kx - ok
21:20:59.0185 3304	HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
21:20:59.0248 3304	HdAudAddService - ok
21:20:59.0326 3304	HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:20:59.0404 3304	HDAudBus - ok
21:20:59.0545 3304	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
21:20:59.0639 3304	HidBth - ok
21:20:59.0842 3304	HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
21:20:59.0935 3304	HidIr - ok
21:21:00.0107 3304	HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
21:21:00.0170 3304	HidUsb - ok
21:21:00.0217 3304	HpCISSs         (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
21:21:00.0232 3304	HpCISSs - ok
21:21:00.0435 3304	HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
21:21:00.0514 3304	HTTP - ok
21:21:00.0607 3304	i2omp           (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
21:21:00.0623 3304	i2omp - ok
21:21:00.0670 3304	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
21:21:00.0717 3304	i8042prt - ok
21:21:00.0764 3304	iaStorV         (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
21:21:00.0779 3304	iaStorV - ok
21:21:00.0842 3304	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
21:21:00.0857 3304	iirsp - ok
21:21:00.0920 3304	IntcAzAudAddService - ok
21:21:00.0967 3304	intelide        (36a266c673812878996f72b200203fbb) C:\Windows\system32\drivers\intelide.sys
21:21:00.0998 3304	intelide - ok
21:21:01.0029 3304	intelppm        (cd802075728e514548841dcc3f8b0220) C:\Windows\system32\DRIVERS\intelppm.sys
21:21:01.0107 3304	intelppm - ok
21:21:01.0154 3304	IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:21:01.0201 3304	IpFilterDriver - ok
21:21:01.0217 3304	IpInIp - ok
21:21:01.0264 3304	IPMIDRV         (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
21:21:01.0326 3304	IPMIDRV - ok
21:21:01.0435 3304	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
21:21:01.0514 3304	IPNAT - ok
21:21:01.0654 3304	irda            (86583188c7157ffda249529423fc3e6f) C:\Windows\system32\DRIVERS\irda.sys
21:21:01.0717 3304	irda - ok
21:21:01.0764 3304	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
21:21:01.0810 3304	IRENUM - ok
21:21:01.0951 3304	irsir           (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
21:21:01.0998 3304	irsir - ok
21:21:02.0045 3304	isapnp          (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
21:21:02.0060 3304	isapnp - ok
21:21:02.0154 3304	iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
21:21:02.0170 3304	iScsiPrt - ok
21:21:02.0232 3304	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
21:21:02.0248 3304	iteatapi - ok
21:21:02.0279 3304	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
21:21:02.0310 3304	iteraid - ok
21:21:02.0342 3304	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
21:21:02.0373 3304	kbdclass - ok
21:21:02.0467 3304	kbdhid          (2b08052372c1f0dffc31cdd6e5abc4b5) C:\Windows\system32\DRIVERS\kbdhid.sys
21:21:02.0545 3304	kbdhid - ok
21:21:02.0685 3304	KSecDD          (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
21:21:02.0764 3304	KSecDD - ok
21:21:02.0967 3304	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
21:21:03.0045 3304	ksthunk - ok
21:21:03.0139 3304	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
21:21:03.0201 3304	lltdio - ok
21:21:03.0264 3304	LSI_FC          (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
21:21:03.0279 3304	LSI_FC - ok
21:21:03.0310 3304	LSI_SAS         (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
21:21:03.0326 3304	LSI_SAS - ok
21:21:03.0357 3304	LSI_SCSI        (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
21:21:03.0389 3304	LSI_SCSI - ok
21:21:03.0529 3304	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
21:21:03.0592 3304	luafv - ok
21:21:03.0639 3304	megasas         (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
21:21:03.0654 3304	megasas - ok
21:21:03.0717 3304	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
21:21:03.0779 3304	Modem - ok
21:21:03.0842 3304	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
21:21:03.0935 3304	monitor - ok
21:21:04.0045 3304	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
21:21:04.0060 3304	mouclass - ok
21:21:04.0139 3304	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
21:21:04.0170 3304	mouhid - ok
21:21:04.0232 3304	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
21:21:04.0264 3304	MountMgr - ok
21:21:04.0295 3304	mpio            (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
21:21:04.0326 3304	mpio - ok
21:21:04.0389 3304	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
21:21:04.0435 3304	mpsdrv - ok
21:21:04.0529 3304	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
21:21:04.0545 3304	Mraid35x - ok
21:21:04.0576 3304	MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
21:21:04.0639 3304	MRxDAV - ok
21:21:04.0701 3304	mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:21:04.0748 3304	mrxsmb - ok
21:21:04.0810 3304	mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:21:04.0873 3304	mrxsmb10 - ok
21:21:04.0935 3304	mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:21:04.0982 3304	mrxsmb20 - ok
21:21:05.0029 3304	msahci          (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
21:21:05.0045 3304	msahci - ok
21:21:05.0092 3304	msdsm           (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
21:21:05.0107 3304	msdsm - ok
21:21:05.0170 3304	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
21:21:05.0217 3304	Msfs - ok
21:21:05.0389 3304	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
21:21:05.0404 3304	msisadrv - ok
21:21:05.0467 3304	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
21:21:05.0529 3304	MSKSSRV - ok
21:21:05.0560 3304	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
21:21:05.0607 3304	MSPCLOCK - ok
21:21:05.0639 3304	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
21:21:05.0685 3304	MSPQM - ok
21:21:05.0842 3304	MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
21:21:05.0889 3304	MsRPC - ok
21:21:06.0014 3304	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
21:21:06.0029 3304	mssmbios - ok
21:21:06.0154 3304	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
21:21:06.0248 3304	MSTEE - ok
21:21:06.0279 3304	Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
21:21:06.0295 3304	Mup - ok
21:21:06.0404 3304	NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
21:21:06.0467 3304	NativeWifiP - ok
21:21:06.0576 3304	NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
21:21:06.0607 3304	NDIS - ok
21:21:06.0764 3304	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
21:21:06.0842 3304	NdisTapi - ok
21:21:06.0873 3304	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
21:21:06.0935 3304	Ndisuio - ok
21:21:06.0998 3304	NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
21:21:07.0045 3304	NdisWan - ok
21:21:07.0092 3304	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
21:21:07.0139 3304	NDProxy - ok
21:21:07.0279 3304	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
21:21:07.0357 3304	NetBIOS - ok
21:21:07.0404 3304	netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
21:21:07.0467 3304	netbt - ok
21:21:07.0560 3304	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
21:21:07.0576 3304	nfrd960 - ok
21:21:07.0701 3304	npf             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
21:21:07.0701 3304	npf - ok
21:21:07.0748 3304	Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
21:21:07.0795 3304	Npfs - ok
21:21:07.0810 3304	NPPTNT2 - ok
21:21:07.0873 3304	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
21:21:07.0920 3304	nsiproxy - ok
21:21:08.0045 3304	Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
21:21:08.0139 3304	Ntfs - ok
21:21:08.0295 3304	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
21:21:08.0357 3304	Null - ok
21:21:08.0451 3304	NVENETFD        (cf2a023f422ce6e43302b139e4b87b05) C:\Windows\system32\DRIVERS\nvmfdx64.sys
21:21:08.0514 3304	NVENETFD - ok
21:21:09.0217 3304	nvlddmkm        (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:21:09.0920 3304	nvlddmkm - ok
21:21:10.0045 3304	NVNET           (cf2a023f422ce6e43302b139e4b87b05) C:\Windows\system32\DRIVERS\nvmfdx64.sys
21:21:10.0076 3304	NVNET - ok
21:21:10.0139 3304	nvraid          (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
21:21:10.0154 3304	nvraid - ok
21:21:10.0185 3304	nvstor          (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
21:21:10.0201 3304	nvstor - ok
21:21:10.0232 3304	nvstor64        (e87e17e9fd94ee9f0dbde4b6ad882f26) C:\Windows\system32\DRIVERS\nvstor64.sys
21:21:10.0248 3304	nvstor64 - ok
21:21:10.0295 3304	nv_agp          (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
21:21:10.0310 3304	nv_agp - ok
21:21:10.0326 3304	NwlnkFlt - ok
21:21:10.0357 3304	NwlnkFwd - ok
21:21:10.0404 3304	ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
21:21:10.0467 3304	ohci1394 - ok
21:21:10.0529 3304	Parport         (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
21:21:10.0560 3304	Parport - ok
21:21:10.0607 3304	partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
21:21:10.0623 3304	partmgr - ok
21:21:10.0670 3304	pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
21:21:10.0701 3304	pci - ok
21:21:10.0732 3304	pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
21:21:10.0748 3304	pciide - ok
21:21:10.0779 3304	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
21:21:10.0810 3304	pcmcia - ok
21:21:10.0857 3304	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
21:21:10.0967 3304	PEAUTH - ok
21:21:11.0139 3304	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
21:21:11.0185 3304	PptpMiniport - ok
21:21:11.0217 3304	Processor       (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
21:21:11.0295 3304	Processor - ok
21:21:11.0373 3304	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
21:21:11.0404 3304	PSched - ok
21:21:11.0451 3304	ql2300          (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
21:21:11.0545 3304	ql2300 - ok
21:21:11.0592 3304	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
21:21:11.0607 3304	ql40xx - ok
21:21:11.0654 3304	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
21:21:11.0701 3304	QWAVEdrv - ok
21:21:11.0748 3304	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
21:21:11.0795 3304	RasAcd - ok
21:21:11.0889 3304	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:21:11.0935 3304	Rasl2tp - ok
21:21:11.0998 3304	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
21:21:12.0060 3304	RasPppoe - ok
21:21:12.0107 3304	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
21:21:12.0123 3304	RasSstp - ok
21:21:12.0170 3304	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
21:21:12.0217 3304	rdbss - ok
21:21:12.0264 3304	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:21:12.0295 3304	RDPCDD - ok
21:21:12.0357 3304	rdpdr           (2d98dda8edce73df99854bf3692ccc87) C:\Windows\system32\drivers\rdpdr.sys
21:21:12.0451 3304	rdpdr - ok
21:21:12.0498 3304	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
21:21:12.0545 3304	RDPENCDD - ok
21:21:12.0592 3304	RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
21:21:12.0639 3304	RDPWD - ok
21:21:12.0748 3304	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
21:21:12.0810 3304	rspndr - ok
21:21:12.0857 3304	s0016bus        (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
21:21:12.0873 3304	s0016bus - ok
21:21:12.0920 3304	s0016mdfl       (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys
21:21:12.0920 3304	s0016mdfl - ok
21:21:12.0967 3304	s0016mdm        (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys
21:21:12.0982 3304	s0016mdm - ok
21:21:13.0029 3304	s0016mgmt       (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys
21:21:20.0310 3304	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:21:22.0857 3304	\Device\Harddisk0\DR0 - ok
21:21:22.0889 3304	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
21:21:22.0951 3304	\Device\Harddisk1\DR1 - ok
21:21:22.0967 3304	Boot (0x1200)   (90d929beddac5898365126191c00e7a7) \Device\Harddisk0\DR0\Partition0
21:21:22.0967 3304	\Device\Harddisk0\DR0\Partition0 - ok
21:21:22.0998 3304	Boot (0x1200)   (241c17551ce1b961e8d0134eda53dcb4) \Device\Harddisk0\DR0\Partition1
21:21:22.0998 3304	\Device\Harddisk0\DR0\Partition1 - ok
21:21:23.0014 3304	Boot (0x1200)   (c72bd5f223d04729eda4534dbc4c69e0) \Device\Harddisk1\DR1\Partition0
21:21:23.0014 3304	\Device\Harddisk1\DR1\Partition0 - ok
21:21:23.0045 3304	Boot (0x1200)   (a18c3cf2493d8ab7653a08709f0c26cb) \Device\Harddisk1\DR1\Partition1
21:21:23.0045 3304	\Device\Harddisk1\DR1\Partition1 - ok
21:21:23.0060 3304	============================================================
21:21:23.0060 3304	Scan finished
21:21:23.0060 3304	============================================================
21:21:23.0076 0824	Detected object count: 1
21:21:23.0076 0824	Actual detected object count: 1
21:21:35.0576 0824	acedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:35.0576 0824	acedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

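As an added example that is not part of the thread or of TDSSKiller, here is a small Python parser for the log format posted above (the `<name> (<md5>) <path>` record line followed by its `- ok` verdict, and the `( <detection> ) - <action>` lines for flagged objects), so that the entries worth a helper's attention stand out from the hundreds of `ok` lines. The sample log, its hashes and the `warning` verdict line for the flagged driver are constructed; only the acedrv05 name and its detection label are taken from the log above.

```python
"""Summarise the tail of a Kaspersky TDSSKiller log (added example, not from the thread)."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name md5 path verdict")

# Record line: "<time> <tid>\t<name> (<md5>) <path>"; MBR/Boot names carry an offset like "MBR (0x1B8)".
_RECORD = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\t(\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# Detection line: "<name> ( <detection> ) - <action>"; appears as a verdict and again in the summary.
_DETECT = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\t(\S+) \( (.+?) \) - (.+)$")
# Plain verdict line: "<name or device path> - <verdict>", normally "- ok".
_VERDICT = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\t(.+?) - (.+)$")


def parse_tdsskiller(text):
    """Return (entries, detections): one Entry per scanned object, plus
    name -> {"detection": ..., "actions": [...]} for every flagged object."""
    entries, detections, pending = [], {}, None
    for line in text.splitlines():
        m = _RECORD.match(line)
        if m:                       # remember the object until its verdict line arrives
            pending = m.groups()
            continue
        m = _DETECT.match(line)
        if m:
            name, det, action = m.groups()
            detections.setdefault(name, {"detection": det, "actions": []})["actions"].append(action)
            if pending and pending[0] == name:   # this detection is the pending object's verdict
                entries.append(Entry(pending[0], pending[1], pending[2], det))
                pending = None
            continue
        m = _VERDICT.match(line)
        if m and pending:
            entries.append(Entry(pending[0], pending[1], pending[2], m.group(2)))
            pending = None
    return entries, detections


def suspicious(entries):
    """Scanned objects whose verdict was anything other than 'ok'."""
    return [e for e in entries if e.verdict != "ok"]


# Constructed sample in the format posted above; the hashes and the 'warning' line are made up.
SAMPLE_LOG = (
    "21:21:18.0107 3304\tusbhub          (00112233445566778899aabbccddeeff) C:\\Windows\\system32\\DRIVERS\\usbhub.sys\n"
    "21:21:18.0154 3304\tusbhub - ok\n"
    "21:21:20.0310 3304\tMBR (0x1B8)     (ffeeddccbbaa99887766554433221100) \\Device\\Harddisk0\\DR0\n"
    "21:21:22.0857 3304\t\\Device\\Harddisk0\\DR0 - ok\n"
    "21:21:23.0000 3304\tacedrv05        (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\acedrv05.sys\n"
    "21:21:23.0010 3304\tacedrv05 ( UnsignedFile.Multi.Generic ) - warning\n"
    "21:21:23.0076 0824\tDetected object count: 1\n"
    "21:21:35.0576 0824\tacedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user\n"
    "21:21:35.0576 0824\tacedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip\n"
)
```

An `UnsignedFile.Multi.Generic` verdict only says the driver carries no valid signature, not that it is malicious; the parser separates such entries from the `ok` lines so a reviewer can look at the path and hash.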
Old 04.11.2011, 21:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a board helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 04.11.2011, 22:32   #15
sternchen222

It did not work properly with ComboFix. I let the program run through as described. 50 stages were shown, and in between the message "Failed to get data for "Enable LVA"" appeared twice. There was no message that a log file was being created. I do find one under C:\Combofix\, but it only has the following contents:

Code:
ComboFix 11-11-04.04 - user 04.11.2011  22:00:04.1.1 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1791.809 [GMT 1:00]
ausgeführt von:: C:\Users\So\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

At the end it said that the PC should not be restarted manually. It then rebooted on its own. After I logged in, the ComboFix window opened again and jumped wildly back and forth across the screen. I waited 15 minutes to see whether anything would happen, then tried to close it. That was difficult, but it worked. Then restarted, same problem. Ran ComboFix again, same thing all over.

Do you know what went wrong here?
I see it says Avira and Windows Defender are on. I had deactivated Avira beforehand. Even with both off, it does not work.

Good night for now

Last edited by sternchen222 (04.11.2011 at 22:57)
