| |
| |||||||
Log-Analyse und Auswertung: Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!IWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.11.2011, 13:06
| #1 |
 |  Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Hallo, ich bin Marcel und habe einen Trojaner. Dieser hat sich gestern im Laufe des Vormittags bemerkbar gemacht da meine Firewall ständig andere Programme blocken wollte. Einmal war es ebay.exe und auch mal Ploizz.exe . Ich hab mir da nicht soviel Gedanken gemacht und gesehen das eine 0kb SVCHOST da ist erstellt in users/mein Name/App Data/ Roaming/Microsoft/ Diese + alle weiteren die das Programm erstellt hat hab ich gelöscht. DANACH am Abend hat mich Windows Defender erst drauf aufmerksam gemacht das TrojanDownloader:Win32/Small.gen!I hier nicht sein sollte. Seitdem ist mein Downspeed auf 350kb anstatt ca 800 (PERMANENT) und der Upstream auf 35 von 75. Hab geschaut ob ichs allein irgendwie lösen kann, aber, hier bin ich nun. Es gab auch zeitgleich mehrere TCP & UDP Flood Angriffe auif meinen Router wenn ich das richtig gelesen habe. Die Logfile ist mit in der Zip in welcher auch Scans sind. Betriebssystem Windows 7 + Avira Professional + Windows Defender + CCleaner & Tweak Me! OTL: Code:
ATTFilter OTL logfile created on: 08.11.2011 11:44:00 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxx\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,68% Memory free 6,00 Gb Paging File | 4,93 Gb Available in Paging File | 82,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 13,65 Gb Free Space | 5,86% Space Free | Partition Type: NTFS Drive D: | 465,70 Gb Total Space | 5,06 Gb Free Space | 1,09% Space Free | Partition Type: FAT32 Computer Name: xxx | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.08 11:40:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe PRC - [2011.11.08 11:33:51 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe PRC - [2011.11.05 13:37:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.11.05 13:34:56 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.11.05 13:34:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.11.05 13:34:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.11.05 13:34:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.11.05 13:34:15 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.11.05 13:34:11 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.08.03 12:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.08.01 14:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2011.07.29 20:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.10.02 13:14:48 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2008.09.29 12:15:00 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe PRC - [2008.09.10 12:31:36 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe ========== Modules (No Company Name) ========== MOD - [2011.11.08 11:33:51 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.07.24 22:51:32 | 000,299,008 | ---- | M] () -- C:\Programme\IconChanger\IconChng.dll MOD - [2005.07.18 16:46:08 | 000,074,240 | ---- | M] () -- C:\Programme\iPhone Folders\zlibwapi.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (FileZilla Server) SRV - [2011.11.05 13:37:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.11.05 13:34:56 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.11.05 13:34:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.11.05 13:34:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.05 13:34:11 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2011.10.12 22:30:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.07.29 20:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.12.28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.09.29 12:15:00 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2008.09.10 12:31:36 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - [2011.11.05 13:38:12 | 000,111,160 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2011.11.05 13:38:12 | 000,091,096 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.07.29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2011.07.29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2011.05.18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.07 06:49:28 | 000,061,824 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCL01132.sys -- (SCL01132) DRV - [2009.10.02 13:14:42 | 000,042,248 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioConectiv_DFU.sys -- (MADFUCONECTIV) DRV - [2009.10.02 13:14:38 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioConectiv.sys -- (MAUSBCONECTIV) DRV - [2009.07.13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.09.29 12:17:06 | 000,029,952 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev) DRV - [2008.09.10 12:28:48 | 000,036,896 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 6E 2B 63 8B 71 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.03 16:22:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.07 07:01:44 | 000,000,000 | ---D | M] [2011.06.20 17:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2011.06.20 17:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.11.06 13:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions [2011.11.06 02:42:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.04 23:39:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions\foxmarks@kei.com [2011.11.05 13:56:20 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions\support@lastpass.com [2011.10.25 14:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.25 14:42:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXH9Q5DV.DEFAULT\EXTENSIONS\{023E9CA0-63F3-47B1-BCB2-9BADF9D9EF28}.XPI () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXH9Q5DV.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXH9Q5DV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.10.28 19:16:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.28 19:16:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.28 19:16:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.28 19:16:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.28 19:16:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.28 19:16:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.28 19:16:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.09.11 07:57:32 | 000,001,411 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKCU..\Run: [ncid.Net] C:\Programme\ncid.Net\ncid.Net.exe (Gerhard Junker) O4 - HKCU..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42C4B1FC-554F-4648-B813-04C89BADD8D0}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C5B3D2D-DB52-402B-AEC3-0285D1BECEC7}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell - "" = AutoRun O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell - "" = AutoRun O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell\AutoRun\command - "" = J:\autorun\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B8DB38AA-C10B-9756-993B-9481422BFC9C} - Browser Customizations ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: NVIDIA nTune - hkey= - key= - C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.08 11:40:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2011.11.08 00:02:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.07 18:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Gerhard Junker [2011.11.07 18:47:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Gerhard_Junker [2011.11.07 18:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ncid.Net [2011.11.07 18:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\ncid.Net [2011.11.07 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Network Monitor 3 [2011.11.07 17:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NET Traffic Meter [2011.11.07 17:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\NET Traffic Meter [2011.11.07 17:38:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NetMeter [2011.11.07 17:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeter [2011.11.07 17:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DeskSoft [2011.11.07 17:25:35 | 000,024,816 | ---- | C] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys [2011.11.07 17:25:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DeskSoft [2011.11.07 15:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axence NetTools Pro 4.0 [2011.11.07 15:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Axence [2011.11.07 08:56:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\gtk-2.0 [2011.11.07 08:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.11.07 08:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2011.11.07 07:42:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\.purple [2011.11.07 07:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin [2011.11.07 03:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2011.11.07 03:52:54 | 000,000,000 | ---D | C] -- C:\Program Settings [2011.11.06 00:08:44 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC [2011.11.05 23:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock [2011.11.05 23:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock [2011.11.05 23:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000 [2011.11.05 23:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconChanger [2011.11.05 23:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\IconChanger [2011.11.05 23:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter [2011.11.05 18:34:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock [2011.11.05 18:33:55 | 000,042,672 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbsys.dll [2011.11.05 18:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock [2011.11.05 18:18:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Auslogics [2011.11.05 18:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [2011.11.05 18:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics [2011.11.05 17:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Files [2011.11.05 16:17:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Verknüpfungen [2011.11.05 15:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dr. Hardware 2011 [2011.11.05 14:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakMe! [2011.11.05 14:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\TweakMe! [2011.11.05 14:35:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Frameworkx.com [2011.11.05 14:20:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\NeoSmart_Technologies [2011.11.05 14:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies [2011.11.05 14:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies [2011.11.05 13:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.11.05 13:43:05 | 000,111,160 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2011.11.05 13:43:05 | 000,091,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2011.11.05 06:01:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Xilisoft [2011.11.05 01:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter [2011.11.05 01:32:47 | 000,307,200 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe [2011.11.05 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\FreeFLVConverter [2011.11.05 01:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter [2011.11.04 14:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2011.11.03 17:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2011.11.03 16:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet [2011.11.03 16:22:39 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BitComet [2011.11.03 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet [2011.11.03 10:56:49 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.11.03 10:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.11.03 10:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011.11.02 17:46:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Installer5804 [2011.11.02 17:40:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Installer5848 [2011.11.01 11:18:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Outlook-Dateien [2011.11.01 09:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.11.01 09:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011.11.01 09:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.11.01 09:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.10.31 09:36:17 | 009,925,160 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe [2011.10.31 09:36:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass [2011.10.31 09:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass [2011.10.31 09:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass [2011.10.28 07:18:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\MicroVision Applications [2011.10.28 07:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SureThing [2011.10.28 07:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared [2011.10.28 07:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\SureThing [2011.10.28 07:17:29 | 000,000,000 | ---D | C] -- C:\Windows\MVUNINST [2011.10.25 13:07:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\iZotope [2011.10.23 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\backup [2011.10.22 23:53:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD} [2011.10.22 23:49:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B} [2011.10.18 11:35:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira [2011.10.18 11:35:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.10.18 11:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.10.18 11:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.10.18 11:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2011.10.18 11:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.10.18 11:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.10.14 00:59:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\TempDIR [2011.10.13 23:59:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlexyDeskop [2011.10.13 23:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\plexydesk [2011.10.13 23:51:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Bump Technologies, Inc [2011.10.13 23:46:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Bump Technologies, Inc [2011.10.13 23:41:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2011.10.13 21:51:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\MediaMonkey [2011.10.13 21:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMonkey [2011.10.13 21:37:56 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT [2011.10.13 21:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition [2011.10.13 21:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS [2011.10.12 22:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone [2011.10.12 22:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone [2011.10.12 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone [2011.10.12 18:34:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\GForce [2011.10.12 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\GForce [2011.10.12 18:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Arturia [2011.10.12 08:20:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Kontakte Alt ========== Files - Modified Within 30 Days ========== [2011.11.08 11:40:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2011.11.08 11:39:39 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2011.11.08 11:39:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.08 11:33:51 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe [2011.11.08 11:23:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.08 11:16:17 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.08 11:16:17 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.08 11:09:00 | 000,000,843 | ---- | M] () -- C:\Windows\System32\tversity.cookies [2011.11.08 11:08:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.08 07:18:48 | 000,233,472 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.07 22:47:07 | 000,717,336 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.07 22:47:07 | 000,667,932 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.07 22:47:07 | 000,155,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.07 22:47:07 | 000,125,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.07 18:47:16 | 000,000,081 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2011.11.07 18:19:03 | 000,003,124 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111107_181859.reg [2011.11.07 17:25:35 | 000,024,816 | ---- | M] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys [2011.11.07 10:50:13 | 000,013,326 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111107_105010.reg [2011.11.07 08:28:57 | 000,007,608 | ---- | M] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg [2011.11.07 07:39:37 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Pidgin.lnk [2011.11.07 07:04:43 | 000,001,886 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111107_070440.reg [2011.11.06 13:40:46 | 000,001,516 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111106_134043.reg [2011.11.06 10:13:12 | 002,281,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.11.06 10:05:56 | 000,091,306 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111106_100546.reg [2011.11.05 20:51:55 | 000,005,554 | ---- | M] () -- C:\Windows\System32\Utility.xml [2011.11.05 14:08:27 | 000,000,466 | ---- | M] () -- C:\Users\xxx\Documents\bibo.reg [2011.11.05 13:38:12 | 000,111,160 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2011.11.05 13:38:12 | 000,091,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2011.11.05 02:25:07 | 000,000,176 | ---- | M] () -- C:\Windows\System32\w3data.vss [2011.11.05 02:25:07 | 000,000,176 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll [2011.11.05 02:25:07 | 000,000,176 | ---- | M] () -- C:\Windows\msocreg32.dat [2011.11.03 10:59:16 | 000,000,600 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd [2011.11.02 14:48:47 | 000,049,382 | ---- | M] () -- C:\Users\xxx\Documents\dragon age 2.rtf [2011.10.31 09:36:17 | 009,925,160 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe [2011.10.28 07:25:35 | 000,054,444 | ---- | M] () -- C:\Users\xxx\Documents\cordless1.std [2011.10.20 17:04:23 | 001,866,317 | ---- | M] () -- C:\Users\xxx\Documents\IMG_0235.JPG [2011.10.20 17:04:22 | 001,751,155 | ---- | M] () -- C:\Users\xxx\Documents\IMG_0230.JPG [2011.10.20 17:04:22 | 001,708,458 | ---- | M] () -- C:\Users\xxx\Documents\IMG_0231.JPG [2011.10.20 16:58:00 | 000,055,926 | ---- | M] () -- C:\Users\xxx\Documents\Unbenanntes Dokument 2.pdf [2011.10.20 16:58:00 | 000,000,032 | ---- | M] () -- C:\Users\xxx\Documents\Teil 1.3 [2011.10.16 15:10:03 | 000,399,876 | RHS- | M] () -- C:\TOGMY [2011.10.16 15:10:03 | 000,000,000 | RHS- | M] () -- C:\jkcv.ld [2011.10.14 08:42:17 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011.10.13 21:47:23 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2011.10.13 21:47:23 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2011.10.13 21:22:38 | 000,001,119 | -H-- | M] () -- C:\Windows\EPMBatch.ept [2011.10.12 17:57:27 | 000,022,648 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111012_185722.reg [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2011.11.08 11:39:39 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2011.11.08 11:33:47 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe [2011.11.07 18:47:16 | 000,000,081 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2011.11.07 18:19:01 | 000,003,124 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111107_181859.reg [2011.11.07 10:50:11 | 000,013,326 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111107_105010.reg [2011.11.07 08:28:57 | 000,007,608 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg [2011.11.07 07:39:37 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Pidgin.lnk [2011.11.07 07:04:42 | 000,001,886 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111107_070440.reg [2011.11.06 13:40:44 | 000,001,516 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111106_134043.reg [2011.11.06 10:05:48 | 000,091,306 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111106_100546.reg [2011.11.05 20:51:55 | 000,005,554 | ---- | C] () -- C:\Windows\System32\Utility.xml [2011.11.05 18:34:05 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll [2011.11.05 14:08:27 | 000,000,466 | ---- | C] () -- C:\Users\xxx\Documents\bibo.reg [2011.11.05 13:42:28 | 000,000,512 | R--- | C] () -- C:\Users\xxx\Documents\HBEDV.KEY [2011.11.05 01:32:44 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb [2011.11.05 01:32:43 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx [2011.11.05 01:32:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx [2011.11.02 17:41:24 | 000,001,361 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk [2011.11.02 14:48:46 | 000,049,382 | ---- | C] () -- C:\Users\xxx\Documents\dragon age 2.rtf [2011.10.28 07:25:35 | 000,054,444 | ---- | C] () -- C:\Users\xxx\Documents\cordless1.std [2011.10.20 17:04:23 | 001,866,317 | ---- | C] () -- C:\Users\xxx\Documents\IMG_0235.JPG [2011.10.20 17:04:22 | 001,751,155 | ---- | C] () -- C:\Users\xxx\Documents\IMG_0230.JPG [2011.10.20 17:04:22 | 001,708,458 | ---- | C] () -- C:\Users\xxx\Documents\IMG_0231.JPG [2011.10.20 16:57:39 | 000,000,032 | ---- | C] () -- C:\Users\xxx\Documents\Teil 1.3 [2011.10.20 16:57:34 | 000,055,926 | ---- | C] () -- C:\Users\xxx\Documents\Unbenanntes Dokument 2.pdf [2011.10.16 15:10:03 | 000,000,000 | RHS- | C] () -- C:\jkcv.ld [2011.10.16 15:10:02 | 000,399,876 | RHS- | C] () -- C:\TOGMY [2011.10.14 08:42:15 | 000,000,001 | -HS- | C] () -- C:\BOOTNXT [2011.10.13 21:19:26 | 000,001,119 | -H-- | C] () -- C:\Windows\EPMBatch.ept [2011.10.13 21:13:10 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2011.10.13 21:13:09 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2011.10.13 21:13:09 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2011.10.13 21:13:09 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2011.10.13 21:13:09 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2011.10.12 21:56:35 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml [2011.10.12 21:56:35 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2011.10.12 17:57:24 | 000,022,648 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111012_185722.reg [2011.09.26 10:54:25 | 000,000,072 | ---- | C] () -- C:\Windows\SSB.ini [2011.09.25 23:24:05 | 000,000,000 | -H-- | C] () -- C:\Users\xxx\AppData\Roaming\.51BEE852859F7D89.sys [2011.09.25 22:11:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\mnprxpd2e.bin [2011.09.12 13:19:03 | 000,403,912 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.09.11 08:27:55 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd [2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\ssolekuy.dll [2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\ssoleht.dll [2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibkh.dll [2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibjy.dll [2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibfg.dll [2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibeh.dll [2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\slibff.dll [2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\slibddf.dll [2011.07.16 03:32:06 | 000,678,746 | ---- | C] () -- C:\Windows\unins000.exe [2011.07.16 03:32:05 | 000,021,007 | ---- | C] () -- C:\Windows\unins000.dat [2011.07.07 03:19:44 | 000,000,176 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll [2011.07.07 03:19:44 | 000,000,176 | ---- | C] () -- C:\Windows\msocreg32.dat [2011.07.06 12:06:29 | 000,040,960 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\TweetAdder [2011.07.05 08:42:31 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL [2011.06.27 22:21:31 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys [2011.06.27 22:19:29 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg [2011.06.27 22:19:27 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe [2011.06.27 19:05:28 | 000,058,141 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\SQLite3.dll [2011.06.27 18:53:25 | 001,032,266 | ---- | C] () -- C:\Windows\System32\libmmd.dll [2011.06.27 18:36:27 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll [2011.06.26 20:43:31 | 000,233,472 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.20 18:41:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.20 18:40:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.20 17:49:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.06.20 17:35:57 | 000,067,584 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\chrtmp [2011.06.20 17:32:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.06.20 17:32:52 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.06.20 17:32:52 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.06.20 17:32:52 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.06.20 17:27:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.06.20 16:47:42 | 000,111,104 | ---- | C] () -- C:\Windows\System32\Uharc.exe [2011.06.20 16:47:42 | 000,008,636 | ---- | C] () -- C:\Windows\System32\modifype.exe [2011.06.20 14:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.20 14:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe [2009.11.17 16:13:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2009.11.17 16:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2009.11.17 16:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2009.11.17 16:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2009.07.28 21:46:36 | 000,717,336 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.28 21:46:36 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.28 21:46:36 | 000,155,856 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.28 21:46:36 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 002,281,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,667,932 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,125,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2005.04.04 19:56:28 | 000,229,536 | -H-- | C] () -- C:\Users\xxx\AppData\Roaming\logs.dat ========== LOP Check ========== [2011.11.08 11:42:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\.purple [2011.07.06 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ableton [2011.08.16 02:02:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Anvil Studio [2011.11.05 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Auslogics [2011.11.05 15:52:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BitComet [2011.10.13 23:46:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Bump Technologies, Inc [2011.08.11 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canneverbe Limited [2011.11.07 17:25:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DeskSoft [2011.07.16 02:42:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FabFilter [2011.06.28 18:06:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FlashFXP [2011.06.20 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Foxit Software [2011.11.05 03:22:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeFLVConverter [2011.11.07 08:56:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0 [2011.08.12 06:34:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ImgBurn [2011.08.15 06:30:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Intermedia Software [2011.10.13 04:59:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\iZotope [2011.08.08 09:01:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware [2011.08.02 09:32:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX [2011.09.12 00:50:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MotionDSP [2011.08.16 04:55:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Music Recognition [2011.11.07 17:43:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NetMeter [2011.11.08 08:05:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Notepad++ [2011.07.27 15:46:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SongManager [2011.08.28 01:58:19 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TeamViewer [2011.06.27 18:55:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Teragon Audio [2011.06.20 17:49:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird [2011.06.20 16:29:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Trillian [2011.07.26 18:52:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2011.06.27 18:50:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Waves Audio [2011.09.28 22:30:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WindSolutions [2011.11.05 06:01:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Xilisoft [2011.11.07 09:38:15 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.07.06 08:04:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.10.13 21:37:56 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~BT [2011.11.08 19:47:34 | 000,000,000 | -HSD | M] -- C:\Boot [2011.11.08 03:01:07 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.06.20 15:08:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.11.07 12:29:29 | 000,000,000 | ---D | M] -- C:\Downloads [2011.09.12 21:40:38 | 000,000,000 | ---D | M] -- C:\HP Universal Print Driver [2011.09.14 14:12:01 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.09.12 01:08:33 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.07 18:43:03 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.07 03:52:54 | 000,000,000 | ---D | M] -- C:\Program Settings [2011.11.07 18:47:16 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.06.20 15:08:44 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.13 22:58:43 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.11.08 11:45:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.12 01:05:03 | 000,000,000 | R--D | M] -- C:\Users [2011.11.08 10:08:26 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > "NoAutoRebootWithLoggedOnUsers" = 1 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-07 23:04:42 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:8CE646EE @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:24721E3C < End of report > Marcel |
|
08.11.2011, 15:22
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
__________________ |
|
08.11.2011, 16:35
| #3 |
| | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Hallo & Danke für die rasche Antwort
__________________ Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8114
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
08.11.2011 16:26:43
mbam-log-2011-11-08 (16-26-43).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 210983
Laufzeit: 3 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\xxx\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
|
|
08.11.2011, 19:01
| #4 |
| | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Hat etwas gedauert ^^ Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ba306feb600c8b44ade34fefa7d73618
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-08 05:53:53
# local_time=2011-11-08 06:53:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 1832761 1832761 0 0
# compatibility_mode=5893 16776573 100 94 4146 72398019 0 0
# compatibility_mode=8192 67108863 100 0 3794 3794 0 0
# scanned=441657
# found=3
# cleaned=0
# scan_time=8005
C:\Users\xxx\AppData\Local\Temp\ICReinstall\cnet_NetTrafficMeter_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4875e6ca-71f85835 a variant of Win32/Injector.KRN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\xxx\Downloads\SoftonicDownloader_fuer_du-meter.exe.part a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
Geändert von ausdemFF (08.11.2011 um 19:53 Uhr) |
|
08.11.2011, 20:09
| #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!IZitat:
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.11.2011, 15:48
| #6 |
| | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Hallo, hab ich wohl überlesen  Hier der Scan: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8122
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
09.11.2011 15:44:13
mbam-log-2011-11-09 (15-44-13).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 477963
Laufzeit: 2 Stunde(n), 42 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\marcel fink\AppData\LocalLow\Sun\Java\deployment\cache\6.0\10\4875e6ca-71f85835 (Trojan.VBKrypt) -> Quarantined and deleted successfully.
|
|
10.11.2011, 10:06
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
SRV - File not found [On_Demand | Stopped] -- -- (FileZilla Server)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 6E 2B 63 8B 71 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell - "" = AutoRun
O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell - "" = AutoRun
O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell\AutoRun\command - "" = J:\autorun\autorun.exe
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:24721E3C
:Files
c:\Users\marcel fink\AppData\LocalLow\Sun\Java\deployment\cache\6.0
C:\Users\xxx\Downloads\Softonic*
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.11.2011, 22:05
| #8 |
| | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!ICode:
ATTFilter All processes killed
========== OTL ==========
Service FileZilla Server stopped successfully!
Service FileZilla Server deleted successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05978b59-c5d8-11e0-850e-406186c2d919}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05978b59-c5d8-11e0-850e-406186c2d919}\ not found.
File "L:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f7f0038-9b51-11e0-8582-406186c2d919}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f7f0038-9b51-11e0-8582-406186c2d919}\ not found.
File J:\autorun\autorun.exe not found.
ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.
ADS C:\ProgramData\TEMP:24721E3C deleted successfully.
========== FILES ==========
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\tmp folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\muffin folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\host folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\9 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\8 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\7 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\63 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\62 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\61 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\60 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\6 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\59 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\58 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\57 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\56 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\55 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\54 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\53 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\52 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\51 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\50 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\5 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\49 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\48 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\46 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\45 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\43 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\42 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\41 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\40 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\4 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\39 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\37 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\36 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\35 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\34 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\33 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\32 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\31 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\30 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\29 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\28 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\27 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\26 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\25 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\24 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\23 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\22 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\21 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\20 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\2 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\19 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\18 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\17 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\16 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\15 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\14 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\13 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\12 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\11 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\10 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\1 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\0 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0 folder moved successfully.
File\Folder C:\Users\xxx\Downloads\Softonic* not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: xxx
->Temp folder emptied: 5794906 bytes
->Temporary Internet Files folder emptied: 17185738 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 187560412 bytes
->Flash cache emptied: 3603 bytes
User: Mcx1-xxx-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 146847 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1065410 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 202,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 11102011_214800
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Sollte es das gewesen sein, was sollt ich behalten von den vielen tools? Ich habe hier auch wieder das UAC angemacht und eure Tipps befolgt zum sicher machen. Hab natürlich auch ne Spende fertig gemacht grad. Ist ja ein Hammer Board. |
|
10.11.2011, 22:07
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.11.2011, 22:37
| #10 |
| | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Done: Code:
ATTFilter 22:32:16.0557 5316 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26
22:32:18.0558 5316 ============================================================
22:32:18.0558 5316 Current date / time: 2011/11/10 22:32:18.0558
22:32:18.0558 5316 SystemInfo:
22:32:18.0558 5316
22:32:18.0558 5316 OS Version: 6.1.7601 ServicePack: 1.0
22:32:18.0558 5316 Product type: Workstation
22:32:18.0559 5316 ComputerName: xxx-PC
22:32:18.0559 5316 UserName: xxx
22:32:18.0559 5316 Windows directory: C:\Windows
22:32:18.0559 5316 System windows directory: C:\Windows
22:32:18.0559 5316 Processor architecture: Intel x86
22:32:18.0559 5316 Number of processors: 1
22:32:18.0559 5316 Page size: 0x1000
22:32:18.0559 5316 Boot type: Normal boot
22:32:18.0559 5316 ============================================================
22:32:24.0272 5316 Initialize success
22:34:09.0979 3044 ============================================================
22:34:09.0979 3044 Scan started
22:34:09.0979 3044 Mode: Manual; SigCheck; TDLFS;
22:34:09.0979 3044 ============================================================
22:34:11.0446 3044 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:34:11.0539 3044 1394ohci - ok
22:34:11.0633 3044 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:34:11.0649 3044 ACPI - ok
22:34:11.0711 3044 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:34:11.0789 3044 AcpiPmi - ok
22:34:11.0898 3044 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:34:11.0992 3044 adp94xx - ok
22:34:12.0085 3044 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:34:12.0117 3044 adpahci - ok
22:34:12.0163 3044 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:34:12.0195 3044 adpu320 - ok
22:34:12.0319 3044 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:34:12.0397 3044 AFD - ok
22:34:12.0460 3044 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:34:12.0491 3044 agp440 - ok
22:34:12.0569 3044 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:34:12.0600 3044 aic78xx - ok
22:34:12.0725 3044 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:34:12.0725 3044 aliide - ok
22:34:12.0772 3044 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:34:12.0772 3044 amdagp - ok
22:34:12.0819 3044 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:34:12.0834 3044 amdide - ok
22:34:12.0897 3044 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:34:13.0021 3044 AmdK8 - ok
22:34:13.0131 3044 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:34:13.0146 3044 AmdPPM - ok
22:34:13.0271 3044 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:34:13.0302 3044 amdsata - ok
22:34:13.0396 3044 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:34:13.0427 3044 amdsbs - ok
22:34:13.0474 3044 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:34:13.0505 3044 amdxata - ok
22:34:13.0677 3044 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:34:13.0817 3044 AppID - ok
22:34:13.0989 3044 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:34:14.0004 3044 arc - ok
22:34:14.0051 3044 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:34:14.0082 3044 arcsas - ok
22:34:14.0145 3044 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:34:14.0254 3044 AsyncMac - ok
22:34:14.0347 3044 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:34:14.0347 3044 atapi - ok
22:34:14.0472 3044 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\drivers\atikmdag.sys
22:34:14.0722 3044 atikmdag - ok
22:34:14.0815 3044 avfwim (83d71e1911f235e9c0d2f53d54df3129) C:\Windows\system32\DRIVERS\avfwim.sys
22:34:14.0878 3044 avfwim - ok
22:34:15.0003 3044 avfwot (ae0c5d218e815af8f38670a8c5773e6e) C:\Windows\system32\DRIVERS\avfwot.sys
22:34:15.0018 3044 avfwot - ok
22:34:15.0143 3044 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:34:15.0174 3044 avgntflt - ok
22:34:15.0237 3044 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
22:34:15.0268 3044 avipbb - ok
22:34:15.0361 3044 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:34:15.0393 3044 avkmgr - ok
22:34:15.0471 3044 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:34:15.0533 3044 b06bdrv - ok
22:34:15.0627 3044 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:34:15.0705 3044 b57nd60x - ok
22:34:15.0829 3044 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:34:15.0876 3044 Beep - ok
22:34:16.0001 3044 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:34:16.0048 3044 blbdrive - ok
22:34:16.0110 3044 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:34:16.0173 3044 bowser - ok
22:34:16.0266 3044 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:34:16.0297 3044 BrFiltLo - ok
22:34:16.0329 3044 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:34:16.0360 3044 BrFiltUp - ok
22:34:16.0422 3044 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:34:16.0516 3044 Brserid - ok
22:34:16.0594 3044 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:34:16.0641 3044 BrSerWdm - ok
22:34:16.0687 3044 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:34:16.0750 3044 BrUsbMdm - ok
22:34:16.0843 3044 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:34:16.0890 3044 BrUsbSer - ok
22:34:16.0999 3044 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:34:17.0031 3044 BTHMODEM - ok
22:34:17.0109 3044 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:34:17.0171 3044 cdfs - ok
22:34:17.0265 3044 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
22:34:17.0311 3044 cdrom - ok
22:34:17.0374 3044 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:34:17.0405 3044 circlass - ok
22:34:17.0499 3044 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:34:17.0545 3044 CLFS - ok
22:34:17.0670 3044 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:34:17.0733 3044 CmBatt - ok
22:34:17.0795 3044 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:34:17.0795 3044 cmdide - ok
22:34:17.0857 3044 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
22:34:17.0920 3044 CNG - ok
22:34:17.0998 3044 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:34:18.0045 3044 Compbatt - ok
22:34:18.0091 3044 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:34:18.0154 3044 CompositeBus - ok
22:34:18.0263 3044 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:34:18.0294 3044 crcdisk - ok
22:34:18.0435 3044 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
22:34:18.0497 3044 CSC - ok
22:34:18.0575 3044 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
22:34:18.0669 3044 dc3d - ok
22:34:18.0762 3044 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:34:18.0856 3044 DfsC - ok
22:34:18.0981 3044 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:34:19.0027 3044 discache - ok
22:34:19.0121 3044 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:34:19.0152 3044 Disk - ok
22:34:19.0246 3044 dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
22:34:19.0293 3044 dot4 - ok
22:34:19.0371 3044 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:34:19.0417 3044 Dot4Print - ok
22:34:19.0464 3044 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
22:34:19.0511 3044 dot4usb - ok
22:34:19.0620 3044 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:34:19.0667 3044 drmkaud - ok
22:34:19.0761 3044 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:34:19.0792 3044 DXGKrnl - ok
22:34:19.0917 3044 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:34:20.0057 3044 ebdrv - ok
22:34:20.0166 3044 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:34:20.0197 3044 ElbyCDIO - ok
22:34:20.0260 3044 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:34:20.0291 3044 elxstor - ok
22:34:20.0369 3044 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
22:34:20.0447 3044 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
22:34:20.0447 3044 epmntdrv - detected UnsignedFile.Multi.Generic (1)
22:34:20.0541 3044 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:34:20.0587 3044 ErrDev - ok
22:34:20.0712 3044 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
22:34:20.0743 3044 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
22:34:20.0743 3044 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
22:34:20.0821 3044 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:34:20.0884 3044 exfat - ok
22:34:20.0993 3044 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:34:21.0055 3044 fastfat - ok
22:34:21.0133 3044 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:34:21.0180 3044 fdc - ok
22:34:21.0243 3044 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:34:21.0274 3044 FileInfo - ok
22:34:21.0336 3044 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:34:21.0383 3044 Filetrace - ok
22:34:21.0477 3044 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:34:21.0508 3044 flpydisk - ok
22:34:21.0539 3044 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:34:21.0586 3044 FltMgr - ok
22:34:21.0664 3044 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:34:21.0695 3044 FsDepends - ok
22:34:21.0742 3044 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:34:21.0773 3044 Fs_Rec - ok
22:34:21.0835 3044 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:34:21.0898 3044 fvevol - ok
22:34:21.0991 3044 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:34:22.0023 3044 gagp30kx - ok
22:34:22.0085 3044 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:34:22.0116 3044 GEARAspiWDM - ok
22:34:22.0241 3044 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:34:22.0319 3044 hcw85cir - ok
22:34:22.0413 3044 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:34:22.0444 3044 HdAudAddService - ok
22:34:22.0506 3044 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:34:22.0522 3044 HDAudBus - ok
22:34:22.0569 3044 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:34:22.0600 3044 HidBatt - ok
22:34:22.0647 3044 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:34:22.0693 3044 HidBth - ok
22:34:22.0771 3044 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:34:22.0818 3044 HidIr - ok
22:34:22.0943 3044 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:34:22.0959 3044 HidUsb - ok
22:34:23.0037 3044 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:34:23.0068 3044 HpSAMD - ok
22:34:23.0130 3044 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:34:23.0224 3044 HTTP - ok
22:34:23.0317 3044 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:34:23.0349 3044 hwpolicy - ok
22:34:23.0395 3044 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:34:23.0442 3044 i8042prt - ok
22:34:23.0536 3044 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:34:23.0583 3044 iaStorV - ok
22:34:23.0629 3044 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:34:23.0661 3044 iirsp - ok
22:34:23.0723 3044 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:34:23.0754 3044 intelide - ok
22:34:23.0817 3044 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:34:23.0863 3044 intelppm - ok
22:34:23.0973 3044 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:34:24.0066 3044 IpFilterDriver - ok
22:34:24.0191 3044 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:34:24.0238 3044 IPMIDRV - ok
22:34:24.0300 3044 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:34:24.0347 3044 IPNAT - ok
22:34:24.0456 3044 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:34:24.0534 3044 IRENUM - ok
22:34:24.0597 3044 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:34:24.0612 3044 isapnp - ok
22:34:24.0659 3044 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:34:24.0706 3044 iScsiPrt - ok
22:34:24.0815 3044 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:34:24.0846 3044 kbdclass - ok
22:34:24.0909 3044 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
22:34:24.0940 3044 kbdhid - ok
22:34:25.0002 3044 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
22:34:25.0033 3044 KSecDD - ok
22:34:25.0080 3044 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
22:34:25.0127 3044 KSecPkg - ok
22:34:25.0221 3044 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:34:25.0283 3044 lltdio - ok
22:34:25.0377 3044 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:34:25.0408 3044 LSI_FC - ok
22:34:25.0470 3044 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:34:25.0501 3044 LSI_SAS - ok
22:34:25.0564 3044 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:34:25.0595 3044 LSI_SAS2 - ok
22:34:25.0657 3044 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:34:25.0689 3044 LSI_SCSI - ok
22:34:25.0751 3044 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:34:25.0829 3044 luafv - ok
22:34:25.0891 3044 MADFUCONECTIV (ee28e121821a2b1aed99cff4eba72fb0) C:\Windows\system32\DRIVERS\MAudioConectiv_DFU.sys
22:34:25.0923 3044 MADFUCONECTIV - ok
22:34:25.0969 3044 MAUSBCONECTIV (c266d86b15bcd1a1b1e2633c15ac9212) C:\Windows\system32\DRIVERS\MAudioConectiv.sys
22:34:25.0969 3044 MAUSBCONECTIV - ok
22:34:26.0063 3044 MBAMSwissArmy - ok
22:34:26.0110 3044 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:34:26.0141 3044 megasas - ok
22:34:26.0203 3044 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:34:26.0266 3044 MegaSR - ok
22:34:26.0375 3044 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:34:26.0422 3044 Modem - ok
22:34:26.0515 3044 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:34:26.0547 3044 monitor - ok
22:34:26.0593 3044 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:34:26.0625 3044 mouclass - ok
22:34:26.0703 3044 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:34:26.0749 3044 mouhid - ok
22:34:26.0812 3044 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:34:26.0827 3044 mountmgr - ok
22:34:26.0905 3044 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:34:26.0937 3044 mpio - ok
22:34:27.0030 3044 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:34:27.0077 3044 mpsdrv - ok
22:34:27.0124 3044 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:34:27.0202 3044 MRxDAV - ok
22:34:27.0295 3044 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:34:27.0358 3044 mrxsmb - ok
22:34:27.0451 3044 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:34:27.0514 3044 mrxsmb10 - ok
22:34:27.0561 3044 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:34:27.0607 3044 mrxsmb20 - ok
22:34:27.0701 3044 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:34:27.0732 3044 msahci - ok
22:34:27.0795 3044 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:34:27.0841 3044 msdsm - ok
22:34:27.0935 3044 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:34:27.0982 3044 Msfs - ok
22:34:28.0029 3044 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:34:28.0091 3044 mshidkmdf - ok
22:34:28.0153 3044 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:34:28.0185 3044 msisadrv - ok
22:34:28.0263 3044 MSI_MSIBIOS_010507 - ok
22:34:28.0356 3044 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:34:28.0419 3044 MSKSSRV - ok
22:34:28.0512 3044 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:34:28.0575 3044 MSPCLOCK - ok
22:34:28.0621 3044 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:34:28.0668 3044 MSPQM - ok
22:34:28.0731 3044 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:34:28.0762 3044 MsRPC - ok
22:34:28.0840 3044 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:34:28.0855 3044 mssmbios - ok
22:34:28.0918 3044 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:34:28.0980 3044 MSTEE - ok
22:34:29.0074 3044 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:34:29.0121 3044 MTConfig - ok
22:34:29.0167 3044 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:34:29.0214 3044 Mup - ok
22:34:29.0277 3044 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:34:29.0339 3044 NativeWifiP - ok
22:34:29.0417 3044 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:34:29.0464 3044 NDIS - ok
22:34:29.0526 3044 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:34:29.0589 3044 NdisCap - ok
22:34:29.0667 3044 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:34:29.0729 3044 NdisTapi - ok
22:34:29.0791 3044 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:34:29.0854 3044 Ndisuio - ok
22:34:29.0916 3044 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:34:29.0947 3044 NdisWan - ok
22:34:30.0025 3044 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:34:30.0088 3044 NDProxy - ok
22:34:30.0150 3044 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:34:30.0213 3044 NetBIOS - ok
22:34:30.0291 3044 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:34:30.0337 3044 NetBT - ok
22:34:30.0462 3044 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:34:30.0509 3044 nfrd960 - ok
22:34:30.0634 3044 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:34:30.0696 3044 Npfs - ok
22:34:30.0805 3044 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:34:30.0852 3044 nsiproxy - ok
22:34:30.0930 3044 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:34:31.0039 3044 Ntfs - ok
22:34:31.0086 3044 NTIOLib_1_0_4 - ok
22:34:31.0211 3044 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys
22:34:31.0242 3044 NuidFltr - ok
22:34:31.0305 3044 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:34:31.0367 3044 Null - ok
22:34:31.0617 3044 nvlddmkm (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:34:31.0975 3044 nvlddmkm - ok
22:34:32.0022 3044 NVR0Dev (d396332f9d7b71c10b3b83da030690f0) C:\Windows\nvoclock.sys
22:34:32.0069 3044 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning
22:34:32.0069 3044 NVR0Dev - detected UnsignedFile.Multi.Generic (1)
22:34:32.0100 3044 NVR0FLASHDev (318c9b917f6080f5dcc34d889bb42113) C:\Windows\nvflash.sys
22:34:32.0116 3044 NVR0FLASHDev - ok
22:34:32.0209 3044 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:34:32.0241 3044 nvraid - ok
22:34:32.0303 3044 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:34:32.0319 3044 nvstor - ok
22:34:32.0397 3044 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:34:32.0428 3044 nv_agp - ok
22:34:32.0506 3044 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:34:32.0521 3044 ohci1394 - ok
22:34:32.0631 3044 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:34:32.0662 3044 Parport - ok
22:34:32.0724 3044 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:34:32.0755 3044 partmgr - ok
22:34:32.0833 3044 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:34:32.0880 3044 Parvdm - ok
22:34:32.0927 3044 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:34:32.0958 3044 pci - ok
22:34:33.0021 3044 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:34:33.0021 3044 pciide - ok
22:34:33.0067 3044 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:34:33.0099 3044 pcmcia - ok
22:34:33.0192 3044 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:34:33.0223 3044 pcw - ok
22:34:33.0286 3044 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:34:33.0395 3044 PEAUTH - ok
22:34:33.0535 3044 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
22:34:33.0535 3044 Point32 - ok
22:34:33.0598 3044 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:34:33.0660 3044 PptpMiniport - ok
22:34:33.0754 3044 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:34:33.0785 3044 Processor - ok
22:34:33.0910 3044 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:34:33.0941 3044 Psched - ok
22:34:34.0019 3044 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:34:34.0113 3044 ql2300 - ok
22:34:34.0191 3044 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:34:34.0222 3044 ql40xx - ok
22:34:34.0269 3044 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:34:34.0315 3044 QWAVEdrv - ok
22:34:34.0378 3044 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:34:34.0425 3044 RasAcd - ok
22:34:34.0518 3044 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:34:34.0581 3044 RasAgileVpn - ok
22:34:34.0674 3044 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:34:34.0737 3044 Rasl2tp - ok
22:34:34.0846 3044 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:34:34.0893 3044 RasPppoe - ok
22:34:34.0971 3044 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:34:35.0033 3044 RasSstp - ok
22:34:35.0080 3044 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:34:35.0127 3044 rdbss - ok
22:34:35.0189 3044 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:34:35.0220 3044 rdpbus - ok
22:34:35.0267 3044 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:34:35.0314 3044 RDPCDD - ok
22:34:35.0392 3044 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
22:34:35.0439 3044 RDPDR - ok
22:34:35.0517 3044 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:34:35.0563 3044 RDPENCDD - ok
22:34:35.0610 3044 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:34:35.0673 3044 RDPREFMP - ok
22:34:35.0766 3044 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
22:34:35.0797 3044 RdpVideoMiniport - ok
22:34:35.0875 3044 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
22:34:35.0891 3044 RDPWD - ok
22:34:35.0985 3044 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:34:36.0016 3044 rdyboost - ok
22:34:36.0141 3044 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:34:36.0187 3044 rspndr - ok
22:34:36.0234 3044 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:34:36.0281 3044 RTL8167 - ok
22:34:36.0359 3044 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
22:34:36.0421 3044 s3cap - ok
22:34:36.0515 3044 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:34:36.0531 3044 sbp2port - ok
22:34:36.0593 3044 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:34:36.0640 3044 scfilter - ok
22:34:36.0765 3044 SCL01132 (7a0db9bc5b3e9cdf3b53a67ebdd8a5db) C:\Windows\system32\DRIVERS\SCL01132.sys
22:34:36.0796 3044 SCL01132 - ok
22:34:36.0889 3044 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:34:36.0936 3044 secdrv - ok
22:34:37.0045 3044 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:34:37.0061 3044 Serenum - ok
22:34:37.0108 3044 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:34:37.0155 3044 Serial - ok
22:34:37.0248 3044 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:34:37.0279 3044 sermouse - ok
22:34:37.0342 3044 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:34:37.0389 3044 sffdisk - ok
22:34:37.0467 3044 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:34:37.0513 3044 sffp_mmc - ok
22:34:37.0576 3044 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:34:37.0623 3044 sffp_sd - ok
22:34:37.0685 3044 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:34:37.0732 3044 sfloppy - ok
22:34:37.0810 3044 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:34:37.0810 3044 sisagp - ok
22:34:37.0872 3044 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:34:37.0888 3044 SiSRaid2 - ok
22:34:37.0935 3044 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:34:37.0981 3044 SiSRaid4 - ok
22:34:38.0044 3044 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:34:38.0091 3044 Smb - ok
22:34:38.0200 3044 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:34:38.0231 3044 spldr - ok
22:34:38.0340 3044 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:34:38.0418 3044 srv - ok
22:34:38.0481 3044 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:34:38.0543 3044 srv2 - ok
22:34:38.0605 3044 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:34:38.0668 3044 srvnet - ok
22:34:38.0793 3044 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:34:38.0839 3044 ssmdrv - ok
22:34:38.0886 3044 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:34:38.0917 3044 stexstor - ok
22:34:39.0011 3044 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
22:34:39.0027 3044 storflt - ok
22:34:39.0058 3044 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
22:34:39.0073 3044 storvsc - ok
22:34:39.0105 3044 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:34:39.0105 3044 swenum - ok
22:34:39.0183 3044 Synth3dVsc - ok
22:34:39.0261 3044 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:34:39.0385 3044 Tcpip - ok
22:34:39.0526 3044 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
22:34:39.0557 3044 TCPIP6 - ok
22:34:39.0619 3044 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:34:39.0666 3044 tcpipreg - ok
22:34:39.0760 3044 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:34:39.0822 3044 TDPIPE - ok
22:34:39.0900 3044 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
22:34:39.0931 3044 TDTCP - ok
22:34:39.0994 3044 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:34:40.0041 3044 tdx - ok
22:34:40.0150 3044 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:34:40.0181 3044 TermDD - ok
22:34:40.0321 3044 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:34:40.0368 3044 tssecsrv - ok
22:34:40.0431 3044 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:34:40.0493 3044 TsUsbFlt - ok
22:34:40.0555 3044 tsusbhub - ok
22:34:40.0618 3044 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:34:40.0680 3044 tunnel - ok
22:34:40.0789 3044 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:34:40.0836 3044 uagp35 - ok
22:34:40.0899 3044 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:34:40.0945 3044 udfs - ok
22:34:41.0008 3044 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:34:41.0023 3044 uliagpkx - ok
22:34:41.0070 3044 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
22:34:41.0117 3044 umbus - ok
22:34:41.0211 3044 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:34:41.0257 3044 UmPass - ok
22:34:41.0320 3044 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
22:34:41.0382 3044 USBAAPL - ok
22:34:41.0460 3044 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
22:34:41.0523 3044 usbaudio - ok
22:34:41.0585 3044 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:34:41.0632 3044 usbccgp - ok
22:34:41.0725 3044 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:34:41.0741 3044 usbcir - ok
22:34:41.0788 3044 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:34:41.0819 3044 usbehci - ok
22:34:41.0897 3044 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:34:41.0944 3044 usbhub - ok
22:34:41.0975 3044 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
22:34:42.0006 3044 usbohci - ok
22:34:42.0053 3044 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:34:42.0100 3044 usbprint - ok
22:34:42.0147 3044 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:34:42.0193 3044 USBSTOR - ok
22:34:42.0240 3044 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:34:42.0271 3044 usbuhci - ok
22:34:42.0318 3044 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
22:34:42.0381 3044 VClone - ok
22:34:42.0459 3044 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:34:42.0474 3044 vdrvroot - ok
22:34:42.0537 3044 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:34:42.0583 3044 vga - ok
22:34:42.0661 3044 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:34:42.0708 3044 VgaSave - ok
22:34:42.0786 3044 VGPU - ok
22:34:42.0833 3044 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:34:42.0849 3044 vhdmp - ok
22:34:42.0911 3044 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:34:42.0911 3044 viaagp - ok
22:34:42.0958 3044 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:34:42.0989 3044 ViaC7 - ok
22:34:43.0051 3044 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:34:43.0083 3044 viaide - ok
22:34:43.0145 3044 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:34:43.0192 3044 vmbus - ok
22:34:43.0223 3044 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:34:43.0254 3044 VMBusHID - ok
22:34:43.0285 3044 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:34:43.0317 3044 volmgr - ok
22:34:43.0379 3044 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:34:43.0395 3044 volmgrx - ok
22:34:43.0441 3044 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:34:43.0504 3044 volsnap - ok
22:34:43.0566 3044 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:34:43.0582 3044 vsmraid - ok
22:34:43.0644 3044 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:34:43.0660 3044 vwifibus - ok
22:34:43.0738 3044 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:34:43.0800 3044 WacomPen - ok
22:34:43.0863 3044 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:34:43.0909 3044 WANARP - ok
22:34:43.0925 3044 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:34:43.0941 3044 Wanarpv6 - ok
22:34:44.0050 3044 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:34:44.0050 3044 Wd - ok
22:34:44.0097 3044 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:34:44.0143 3044 Wdf01000 - ok
22:34:44.0284 3044 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:34:44.0331 3044 WfpLwf - ok
22:34:44.0409 3044 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:34:44.0424 3044 WIMMount - ok
22:34:44.0502 3044 winusb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\winusb.sys
22:34:44.0549 3044 winusb - ok
22:34:44.0627 3044 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:34:44.0643 3044 WmiAcpi - ok
22:34:44.0767 3044 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:34:44.0830 3044 ws2ifsl - ok
22:34:44.0908 3044 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:34:44.0939 3044 WudfPf - ok
22:34:45.0017 3044 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:34:45.0064 3044 WUDFRd - ok
22:34:45.0111 3044 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:34:45.0173 3044 \Device\Harddisk0\DR0 - ok
22:34:45.0173 3044 MBR (0x1B8) (c06575b18b90345ce86ab291b56db94d) \Device\Harddisk1\DR1
22:34:45.0423 3044 \Device\Harddisk1\DR1 - ok
22:34:45.0423 3044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
22:34:59.0010 3044 \Device\Harddisk2\DR2 - ok
22:34:59.0010 3044 Boot (0x1200) (082efc9b48237b95b4522a53a43a879a) \Device\Harddisk0\DR0\Partition0
22:34:59.0010 3044 \Device\Harddisk0\DR0\Partition0 - ok
22:34:59.0026 3044 Boot (0x1200) (e76bb398c7fa517656528f53fca37d72) \Device\Harddisk2\DR2\Partition0
22:34:59.0026 3044 \Device\Harddisk2\DR2\Partition0 - ok
22:34:59.0026 3044 ============================================================
22:34:59.0026 3044 Scan finished
22:34:59.0026 3044 ============================================================
22:34:59.0041 2468 Detected object count: 3
22:34:59.0041 2468 Actual detected object count: 3
22:35:22.0379 2468 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:22.0379 2468 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:22.0379 2468 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:22.0379 2468 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:22.0379 2468 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:22.0379 2468 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
11.11.2011, 10:00
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.11.2011, 20:55
| #12 |
| | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Hallo, bitte sehr: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 11-11-11.06 - xxx 11.11.2011 20:39:03.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3071.1968 [GMT 1:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxx\AppData\Local\TempDIR
c:\users\xxx\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\xxx\AppData\Roaming\chrtmp
c:\users\xxx\AppData\Roaming\SQLite3.dll
c:\windows\iun6002.exe
c:\windows\system32\msvcsv60.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-11 bis 2011-11-11 ))))))))))))))))))))))))))))))
.
.
2011-11-11 17:15 . 2011-11-11 17:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\offreg.dll
2011-11-11 17:15 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\mpengine.dll
2011-11-11 02:22 . 2011-11-11 02:22 -------- d-----w- c:\program files\ZDF
2011-11-11 02:11 . 2011-11-11 02:11 -------- d-----w- c:\program files\maxdome - Online Videothek
2011-11-11 02:03 . 2011-11-11 02:03 -------- d-----w- c:\program files\BMWi
2011-11-11 01:32 . 2011-11-11 01:32 -------- d-----w- c:\program files\n-tv
2011-11-11 01:32 . 2011-11-11 01:32 -------- d-----w- c:\program files\BILD
2011-11-10 20:48 . 2011-11-10 20:48 -------- d-----w- C:\_OTL
2011-11-10 12:23 . 2011-11-10 12:23 -------- d-----w- c:\users\Public\Transcode360
2011-11-10 12:23 . 2011-11-11 01:05 -------- d-----w- c:\program files\Transcode360
2011-11-10 12:14 . 2011-11-10 12:14 -------- d-----w- c:\program files\MediaBrowser
2011-11-10 12:14 . 2011-11-11 17:14 -------- d-----w- c:\programdata\MediaBrowser
2011-11-10 11:43 . 2011-11-10 11:43 -------- d-----w- c:\users\Mcx1-xxx-PC
2011-11-10 10:50 . 2011-11-10 10:50 -------- d-----w- c:\users\xxx\AppData\Roaming\BID
2011-11-10 07:34 . 2011-11-10 07:35 -------- d-----w- c:\program files\Jtag Tool
2011-11-10 01:09 . 2011-11-10 01:09 1092400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-09 16:27 . 2011-11-09 16:28 -------- d-----w- c:\program files\Gavotte RamDisk
2011-11-09 07:19 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 07:19 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:18 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 15:37 . 2011-11-08 15:37 -------- d-----w- c:\program files\ESET
2011-11-08 15:10 . 2011-11-08 15:10 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09 -------- d-----w- c:\programdata\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 15:09 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-07 17:47 . 2011-11-07 17:47 -------- d-----w- c:\programdata\Gerhard Junker
2011-11-07 17:47 . 2011-11-07 17:47 -------- d-----w- c:\users\xxx\AppData\Local\Gerhard_Junker
2011-11-07 17:43 . 2011-11-09 14:52 -------- d-----w- c:\program files\ncid.Net
2011-11-07 17:43 . 2011-11-07 17:48 -------- d-----w- c:\programdata\ncid.Net
2011-11-07 16:48 . 2011-11-07 16:55 -------- d-----w- c:\program files\NET Traffic Meter
2011-11-07 16:38 . 2011-11-07 16:43 -------- d-----w- c:\users\xxx\AppData\Roaming\NetMeter
2011-11-07 16:38 . 2011-11-07 16:44 -------- d-----w- c:\program files\NetMeter
2011-11-07 16:26 . 2011-11-07 16:26 -------- d-----w- c:\programdata\DeskSoft
2011-11-07 16:25 . 2011-11-07 16:25 24816 ----a-w- c:\windows\system32\drivers\dsnpfd.sys
2011-11-07 16:25 . 2011-11-07 16:25 -------- d-----w- c:\users\xxx\AppData\Roaming\DeskSoft
2011-11-07 14:05 . 2011-11-07 14:05 -------- d-----w- c:\program files\Axence
2011-11-07 07:56 . 2011-11-07 07:56 -------- d-----w- c:\users\xxx\AppData\Roaming\gtk-2.0
2011-11-07 07:38 . 2011-11-07 08:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-07 07:36 . 2011-11-07 13:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-11-07 06:42 . 2011-11-11 19:33 -------- d-----w- c:\users\xxx\AppData\Roaming\.purple
2011-11-07 06:39 . 2011-11-07 06:39 -------- d-----w- c:\program files\Pidgin
2011-11-07 02:54 . 2011-11-07 02:54 -------- d-----w- c:\program files\MSECache
2011-11-07 02:52 . 2011-11-07 02:52 -------- d-----w- C:\Program Settings
2011-11-05 23:08 . 2011-11-05 23:08 -------- d-----w- c:\windows\W7SBC
2011-11-05 23:08 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2011-11-05 23:08 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2011-11-05 22:58 . 2011-11-05 22:59 -------- d-----w- c:\program files\RocketDock
2011-11-05 22:58 . 2011-11-05 22:58 -------- d-----w- c:\program files\IconChanger
2011-11-05 22:57 . 2011-11-07 06:00 -------- d-----w- c:\program files\Rainmeter
2011-11-05 17:34 . 2010-06-07 13:59 57904 ----a-w- c:\windows\system32\wbload.dll
2011-11-05 17:33 . 2008-04-26 14:14 42672 ----a-w- c:\windows\system32\wbsys.dll
2011-11-05 17:33 . 2011-11-05 17:33 -------- d-----w- c:\program files\Stardock
2011-11-05 17:18 . 2011-11-05 17:18 -------- d-----w- c:\users\xxx\AppData\Roaming\Auslogics
2011-11-05 17:18 . 2011-11-05 17:18 -------- d-----w- c:\program files\Auslogics
2011-11-05 16:55 . 2011-11-05 16:55 -------- d-----w- c:\program files\Setup Files
2011-11-05 14:27 . 2011-11-06 09:01 -------- d-----w- c:\program files\Dr. Hardware 2011
2011-11-05 13:46 . 2011-11-05 13:52 -------- d-----w- c:\program files\TweakMe!
2011-11-05 13:35 . 2011-11-05 13:35 -------- d-----w- c:\users\xxx\AppData\Local\Frameworkx.com
2011-11-05 13:20 . 2011-11-05 13:20 -------- d-----w- c:\users\xxx\AppData\Local\NeoSmart_Technologies
2011-11-05 13:17 . 2011-11-05 13:17 -------- d-----w- c:\program files\NeoSmart Technologies
2011-11-05 12:43 . 2011-11-05 12:38 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-11-05 12:43 . 2011-11-05 12:38 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-11-05 05:01 . 2011-11-05 05:01 -------- d-----w- c:\users\xxx\AppData\Roaming\Xilisoft
2011-11-05 00:32 . 2011-08-05 14:59 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2011-11-05 00:32 . 2009-06-19 18:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-11-05 00:32 . 2009-06-19 18:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-11-05 00:32 . 2009-06-19 18:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2011-11-05 00:32 . 2009-06-19 18:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2011-11-05 00:32 . 2009-06-19 18:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2011-11-05 00:32 . 2011-11-05 02:22 -------- d-----w- c:\users\xxx\AppData\Roaming\FreeFLVConverter
2011-11-05 00:32 . 2011-11-05 00:33 -------- d-----w- c:\program files\Free FLV Converter
2011-11-05 00:32 . 2009-06-19 18:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2011-11-03 16:55 . 2011-11-03 16:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-11-03 15:22 . 2011-11-05 14:52 -------- d-----w- c:\users\xxx\AppData\Roaming\BitComet
2011-11-03 15:22 . 2011-11-03 15:22 -------- d-----w- c:\program files\BitComet
2011-11-03 09:34 . 2011-11-03 09:34 -------- d-----w- c:\program files\Microsoft Silverlight
2011-11-02 16:46 . 2011-11-02 16:46 -------- d-----w- c:\users\xxx\AppData\Local\Installer5804
2011-11-02 16:40 . 2011-11-02 16:40 -------- d-----w- c:\users\xxx\AppData\Local\Installer5848
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-11-01 08:05 . 2011-11-01 08:05 -------- d-----w- c:\program files\QuickTime
2011-11-01 08:02 . 2011-11-01 08:02 -------- d-----w- c:\program files\iPod
2011-10-31 08:36 . 2011-10-31 08:36 9925160 ----a-w- c:\program files\Common Files\lpuninstall.exe
2011-10-31 08:36 . 2011-10-31 08:36 -------- d-----w- c:\program files\LastPass
2011-10-28 06:18 . 2011-10-28 06:18 -------- d-----w- c:\users\xxx\AppData\Local\MicroVision Applications
2011-10-28 06:17 . 2011-10-28 06:17 -------- d-----w- c:\program files\Common Files\SureThing Shared
2011-10-28 06:17 . 2011-10-28 06:17 -------- d-----w- c:\program files\SureThing
2011-10-28 06:17 . 2011-10-28 06:17 -------- d-----w- c:\windows\MVUNINST
2011-10-28 06:17 . 2002-01-05 01:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-10-28 06:17 . 1996-08-24 10:11 289552 ----a-w- c:\windows\system32\temp.001
2011-10-28 06:17 . 1993-10-14 16:51 28672 ----a-w- c:\windows\system32\temp.000
2011-10-25 13:42 . 2011-10-03 03:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-22 22:53 . 2011-10-22 22:54 -------- dc-h--w- c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2011-10-22 22:49 . 2011-10-22 22:49 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-10-18 10:35 . 2011-10-18 10:35 -------- d-----w- c:\users\xxx\AppData\Roaming\Avira
2011-10-18 10:35 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-18 10:35 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-18 10:35 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-18 10:34 . 2011-11-05 12:43 -------- d-----w- c:\programdata\Avira
2011-10-18 10:34 . 2011-10-18 10:34 -------- d-----w- c:\program files\Avira
2011-10-16 17:55 . 2011-10-16 17:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-14 00:01 . 2010-11-20 12:17 941568 ----a-w- c:\windows\system32\mblctr.exe
2011-10-14 00:00 . 2010-11-20 12:21 750080 ----a-w- c:\windows\system32\sdcpl.dll
2011-10-13 23:59 . 2009-07-14 01:16 379904 ----a-w- c:\windows\system32\pnpui.dll
2011-10-13 23:59 . 2010-11-20 12:20 2494464 ----a-w- c:\windows\system32\netshell.dll
2011-10-13 23:59 . 2009-07-14 01:06 9053696 ----a-w- c:\windows\system32\mmres.dll
2011-10-13 23:59 . 2009-07-14 01:06 705536 ----a-w- c:\windows\system32\imagesp1.dll
2011-10-13 23:59 . 2009-07-14 01:15 56320 ----a-w- c:\windows\system32\hotplug.dll
2011-10-13 23:59 . 2010-11-20 12:18 744448 ----a-w- c:\windows\system32\ActionCenter.dll
2011-10-13 22:59 . 2011-10-13 23:01 -------- d-----w- c:\program files\plexydesk
2011-10-13 22:51 . 2011-10-13 22:51 -------- d-----w- c:\users\xxx\AppData\Local\Bump Technologies, Inc
2011-10-13 20:51 . 2011-11-03 09:58 -------- d-----w- c:\users\xxx\AppData\Local\MediaMonkey
2011-10-13 20:51 . 2011-11-03 09:58 -------- d-----w- c:\program files\MediaMonkey
2011-10-13 20:37 . 2011-10-13 20:37 -------- d-----w- C:\$WINDOWS.~BT
2011-10-13 20:13 . 2011-07-29 11:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-10-13 20:13 . 2011-09-09 16:23 2469760 ----a-w- c:\windows\system32\BootMan.exe
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 12:09 . 2011-08-09 04:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-06-20 16:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-25 22:24 . 2011-09-25 22:24 0 ---ha-w- c:\users\xxx\AppData\Roaming\.51BEE852859F7D89.sys
2011-09-25 22:12 . 2011-09-25 22:12 49152 ----a-r- c:\users\xxx\AppData\Roaming\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\LiquidInstrument.exe_2D31407126CD47EAA01E82FADDE951C5.exe
2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-11-09 20:22 . 2011-08-09 03:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2011-08-20 48618]
"ncid.Net"="c:\program files\ncid.Net\ncid.Net.exe" [2011-11-03 984064]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 643592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-05 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Media Browser Service.lnk - c:\program files\MediaBrowser\MediaBrowser\MediaBrowserService.exe [2011-10-17 135168]
Media Browser.lnk - c:\windows\ehome\ehshell.exe [2009-7-14 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-09-29 11:14 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SCL01132;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01132.sys [2010-05-07 61824]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-11-05 111160]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2011-11-05 616400]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-11-05 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-11-05 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-11-05 463824]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-11-05 91096]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2009-10-02 42248]
S3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys [2009-10-02 158344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nxh9q5dv.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Dateityp-Verknüpfung -------
.
.txt=Notepad++_file
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-BID Drop Box - c:\program files\Bulk Image Downloader\BIDDropBox.exe
AddRemove-PSP_Nitro - c:\windows\iun6002.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{721F34D6-177E-0B5A-100D-6F2E2FB2D6A9}*]
"hagdjmlmbgfojoff"=hex:6a,61,61,63,69,67,69,6a,6e,65,6d,64,63,6b,6d,68,6f,64,
6f,65,00,d4
"iamcdoknakfgojhdhg"=hex:6a,61,61,63,6e,61,6a,6a,67,6f,66,67,6e,62,6f,6f,61,6d,
6c,6d,00,00
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A225EC91-5397-517E-C9B1-973E71617067}*]
"iaecmhkjhjfchkkjhp"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
6b,61,66,65,00,00
"hakbgomlhamfaklm"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
6b,61,66,65,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078D534A595D51"
"lr"="078D4C40445D51"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-11 20:51:58
ComboFix-quarantined-files.txt 2011-11-11 19:51
.
Vor Suchlauf: 9 Verzeichnis(se), 15.784.644.608 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 15.696.977.920 Bytes frei
.
- - End Of File - - 900F9AEFA343D44E6B605B5B9E1DC5B8
|
|
11.11.2011, 21:20
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter Dirlook::
c:\users\xxx\AppData\Roaming\BID
c:\windows\W7SBC
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.11.2011, 00:11
| #14 |
| | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Auch erledigt [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 11-11-11.06 - xxx 11.11.2011 23:20:09.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3071.2024 [GMT 1:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\xxx\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-11 bis 2011-11-11 ))))))))))))))))))))))))))))))
.
.
2011-11-11 22:29 . 2011-11-11 22:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-11 22:29 . 2011-11-11 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 21:15 . 2011-11-11 21:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\offreg.dll
2011-11-11 19:52 . 2011-11-11 22:29 -------- d-----w- c:\users\xxx\AppData\Local\temp
2011-11-11 17:15 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\mpengine.dll
2011-11-11 02:22 . 2011-11-11 02:22 -------- d-----w- c:\program files\ZDF
2011-11-11 02:11 . 2011-11-11 02:11 -------- d-----w- c:\program files\maxdome - Online Videothek
2011-11-11 02:03 . 2011-11-11 02:03 -------- d-----w- c:\program files\BMWi
2011-11-11 01:32 . 2011-11-11 01:32 -------- d-----w- c:\program files\n-tv
2011-11-11 01:32 . 2011-11-11 01:32 -------- d-----w- c:\program files\BILD
2011-11-10 20:48 . 2011-11-10 20:48 -------- d-----w- C:\_OTL
2011-11-10 12:23 . 2011-11-10 12:23 -------- d-----w- c:\users\Public\Transcode360
2011-11-10 12:14 . 2011-11-11 21:30 -------- d-----w- c:\programdata\MediaBrowser
2011-11-10 11:43 . 2011-11-10 11:43 -------- d-----w- c:\users\Mcx1-xxx-PC
2011-11-10 10:50 . 2011-11-10 10:50 -------- d-----w- c:\users\xxx\AppData\Roaming\BID
2011-11-10 07:34 . 2011-11-10 07:35 -------- d-----w- c:\program files\Jtag Tool
2011-11-10 01:09 . 2011-11-10 01:09 1092400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-09 16:27 . 2011-11-09 16:28 -------- d-----w- c:\program files\Gavotte RamDisk
2011-11-09 07:19 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 07:19 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:18 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 15:37 . 2011-11-08 15:37 -------- d-----w- c:\program files\ESET
2011-11-08 15:10 . 2011-11-08 15:10 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09 -------- d-----w- c:\programdata\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 15:09 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-07 17:47 . 2011-11-07 17:47 -------- d-----w- c:\programdata\Gerhard Junker
2011-11-07 17:47 . 2011-11-07 17:47 -------- d-----w- c:\users\xxx\AppData\Local\Gerhard_Junker
2011-11-07 17:43 . 2011-11-09 14:52 -------- d-----w- c:\program files\ncid.Net
2011-11-07 17:43 . 2011-11-07 17:48 -------- d-----w- c:\programdata\ncid.Net
2011-11-07 16:48 . 2011-11-07 16:55 -------- d-----w- c:\program files\NET Traffic Meter
2011-11-07 16:38 . 2011-11-07 16:43 -------- d-----w- c:\users\xxx\AppData\Roaming\NetMeter
2011-11-07 16:38 . 2011-11-07 16:44 -------- d-----w- c:\program files\NetMeter
2011-11-07 16:26 . 2011-11-07 16:26 -------- d-----w- c:\programdata\DeskSoft
2011-11-07 16:25 . 2011-11-07 16:25 24816 ----a-w- c:\windows\system32\drivers\dsnpfd.sys
2011-11-07 16:25 . 2011-11-07 16:25 -------- d-----w- c:\users\xxx\AppData\Roaming\DeskSoft
2011-11-07 14:05 . 2011-11-07 14:05 -------- d-----w- c:\program files\Axence
2011-11-07 07:56 . 2011-11-07 07:56 -------- d-----w- c:\users\xxx\AppData\Roaming\gtk-2.0
2011-11-07 07:38 . 2011-11-07 08:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-07 07:36 . 2011-11-07 13:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-11-07 06:42 . 2011-11-11 22:28 -------- d-----w- c:\users\xxx\AppData\Roaming\.purple
2011-11-07 06:39 . 2011-11-07 06:39 -------- d-----w- c:\program files\Pidgin
2011-11-07 02:54 . 2011-11-07 02:54 -------- d-----w- c:\program files\MSECache
2011-11-07 02:52 . 2011-11-07 02:52 -------- d-----w- C:\Program Settings
2011-11-05 23:08 . 2011-11-05 23:08 -------- d-----w- c:\windows\W7SBC
2011-11-05 23:08 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2011-11-05 23:08 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2011-11-05 22:58 . 2011-11-05 22:59 -------- d-----w- c:\program files\RocketDock
2011-11-05 22:58 . 2011-11-05 22:58 -------- d-----w- c:\program files\IconChanger
2011-11-05 22:57 . 2011-11-07 06:00 -------- d-----w- c:\program files\Rainmeter
2011-11-05 17:34 . 2010-06-07 13:59 57904 ----a-w- c:\windows\system32\wbload.dll
2011-11-05 17:33 . 2008-04-26 14:14 42672 ----a-w- c:\windows\system32\wbsys.dll
2011-11-05 17:33 . 2011-11-05 17:33 -------- d-----w- c:\program files\Stardock
2011-11-05 17:18 . 2011-11-05 17:18 -------- d-----w- c:\users\xxx\AppData\Roaming\Auslogics
2011-11-05 17:18 . 2011-11-05 17:18 -------- d-----w- c:\program files\Auslogics
2011-11-05 16:55 . 2011-11-05 16:55 -------- d-----w- c:\program files\Setup Files
2011-11-05 14:27 . 2011-11-06 09:01 -------- d-----w- c:\program files\Dr. Hardware 2011
2011-11-05 13:46 . 2011-11-05 13:52 -------- d-----w- c:\program files\TweakMe!
2011-11-05 13:35 . 2011-11-05 13:35 -------- d-----w- c:\users\xxx\AppData\Local\Frameworkx.com
2011-11-05 13:20 . 2011-11-05 13:20 -------- d-----w- c:\users\xxx\AppData\Local\NeoSmart_Technologies
2011-11-05 13:17 . 2011-11-05 13:17 -------- d-----w- c:\program files\NeoSmart Technologies
2011-11-05 12:43 . 2011-11-05 12:38 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-11-05 12:43 . 2011-11-05 12:38 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-11-05 05:01 . 2011-11-05 05:01 -------- d-----w- c:\users\xxx\AppData\Roaming\Xilisoft
2011-11-05 00:32 . 2011-08-05 14:59 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2011-11-05 00:32 . 2009-06-19 18:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-11-05 00:32 . 2009-06-19 18:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-11-05 00:32 . 2009-06-19 18:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2011-11-05 00:32 . 2009-06-19 18:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2011-11-05 00:32 . 2009-06-19 18:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2011-11-05 00:32 . 2011-11-05 02:22 -------- d-----w- c:\users\xxx\AppData\Roaming\FreeFLVConverter
2011-11-05 00:32 . 2011-11-05 00:33 -------- d-----w- c:\program files\Free FLV Converter
2011-11-05 00:32 . 2009-06-19 18:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2011-11-03 16:55 . 2011-11-03 16:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-11-03 15:22 . 2011-11-05 14:52 -------- d-----w- c:\users\xxx\AppData\Roaming\BitComet
2011-11-03 15:22 . 2011-11-03 15:22 -------- d-----w- c:\program files\BitComet
2011-11-03 09:34 . 2011-11-03 09:34 -------- d-----w- c:\program files\Microsoft Silverlight
2011-11-02 16:46 . 2011-11-02 16:46 -------- d-----w- c:\users\xxx\AppData\Local\Installer5804
2011-11-02 16:40 . 2011-11-02 16:40 -------- d-----w- c:\users\xxx\AppData\Local\Installer5848
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-11-01 08:05 . 2011-11-01 08:05 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-11-01 08:05 . 2011-11-01 08:05 -------- d-----w- c:\program files\QuickTime
2011-11-01 08:02 . 2011-11-01 08:02 -------- d-----w- c:\program files\iPod
2011-10-31 08:36 . 2011-10-31 08:36 9925160 ----a-w- c:\program files\Common Files\lpuninstall.exe
2011-10-31 08:36 . 2011-10-31 08:36 -------- d-----w- c:\program files\LastPass
2011-10-28 06:18 . 2011-10-28 06:18 -------- d-----w- c:\users\xxx\AppData\Local\MicroVision Applications
2011-10-28 06:17 . 2011-10-28 06:17 -------- d-----w- c:\program files\Common Files\SureThing Shared
2011-10-28 06:17 . 2011-10-28 06:17 -------- d-----w- c:\program files\SureThing
2011-10-28 06:17 . 2011-10-28 06:17 -------- d-----w- c:\windows\MVUNINST
2011-10-28 06:17 . 2002-01-05 01:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-10-28 06:17 . 1996-08-24 10:11 289552 ----a-w- c:\windows\system32\temp.001
2011-10-28 06:17 . 1993-10-14 16:51 28672 ----a-w- c:\windows\system32\temp.000
2011-10-25 13:42 . 2011-10-03 03:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-22 22:53 . 2011-10-22 22:54 -------- dc-h--w- c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2011-10-22 22:49 . 2011-10-22 22:49 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-10-18 10:35 . 2011-10-18 10:35 -------- d-----w- c:\users\xxx\AppData\Roaming\Avira
2011-10-18 10:35 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-18 10:35 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-18 10:35 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-18 10:34 . 2011-11-05 12:43 -------- d-----w- c:\programdata\Avira
2011-10-18 10:34 . 2011-10-18 10:34 -------- d-----w- c:\program files\Avira
2011-10-16 17:55 . 2011-10-16 17:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-14 00:01 . 2010-11-20 12:17 941568 ----a-w- c:\windows\system32\mblctr.exe
2011-10-14 00:00 . 2010-11-20 12:21 750080 ----a-w- c:\windows\system32\sdcpl.dll
2011-10-13 23:59 . 2009-07-14 01:16 379904 ----a-w- c:\windows\system32\pnpui.dll
2011-10-13 23:59 . 2010-11-20 12:20 2494464 ----a-w- c:\windows\system32\netshell.dll
2011-10-13 23:59 . 2009-07-14 01:06 9053696 ----a-w- c:\windows\system32\mmres.dll
2011-10-13 23:59 . 2009-07-14 01:06 705536 ----a-w- c:\windows\system32\imagesp1.dll
2011-10-13 23:59 . 2009-07-14 01:15 56320 ----a-w- c:\windows\system32\hotplug.dll
2011-10-13 23:59 . 2010-11-20 12:18 744448 ----a-w- c:\windows\system32\ActionCenter.dll
2011-10-13 22:59 . 2011-10-13 23:01 -------- d-----w- c:\program files\plexydesk
2011-10-13 22:51 . 2011-10-13 22:51 -------- d-----w- c:\users\xxx\AppData\Local\Bump Technologies, Inc
2011-10-13 20:51 . 2011-11-03 09:58 -------- d-----w- c:\users\xxx\AppData\Local\MediaMonkey
2011-10-13 20:51 . 2011-11-03 09:58 -------- d-----w- c:\program files\MediaMonkey
2011-10-13 20:37 . 2011-10-13 20:37 -------- d-----w- C:\$WINDOWS.~BT
2011-10-13 20:13 . 2011-07-29 11:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 12:09 . 2011-08-09 04:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-06-20 16:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-25 22:24 . 2011-09-25 22:24 0 ---ha-w- c:\users\xxx\AppData\Roaming\.51BEE852859F7D89.sys
2011-09-25 22:12 . 2011-09-25 22:12 49152 ----a-r- c:\users\xxx\AppData\Roaming\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\LiquidInstrument.exe_2D31407126CD47EAA01E82FADDE951C5.exe
2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-11-09 20:22 . 2011-08-09 03:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\xxx\AppData\Roaming\BID ----
.
2011-11-10 10:51 . 2011-11-10 10:53 4422 ----a-w- c:\users\xxx\AppData\Roaming\BID\Log\BID.LOG
2011-11-10 10:50 . 2011-11-10 11:36 29786 ----a-w- c:\users\xxx\AppData\Roaming\BID\bim.ini
.
---- Directory of c:\windows\W7SBC ----
.
2011-11-05 23:08 . 2011-11-05 23:08 35046 ----a-w- c:\windows\W7SBC\cur.bmp
2011-11-05 23:08 . 2011-11-05 23:08 65 ----a-w- c:\windows\W7SBC\res.ini
2011-11-05 23:08 . 2011-11-05 23:08 160 ----a-w- c:\windows\W7SBC\res.log
2011-11-05 23:08 . 2011-11-05 23:08 238 ----a-w- c:\windows\W7SBC\restore.bat
2011-11-05 23:08 . 2011-11-05 23:08 218 ----a-w- c:\windows\W7SBC\change.bat
2011-11-05 23:08 . 2011-11-05 23:08 755 ----a-w- c:\windows\W7SBC\scr
2011-11-05 23:08 . 2011-11-05 23:08 822272 ----a-w- c:\windows\W7SBC\res.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-11_19.48.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-20 15:27 . 2011-11-11 21:19 52158 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-11-11 21:19 43594 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-20 14:16 . 2011-11-11 21:19 15512 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3208466087-60621075-3746657911-1002_UserData.bin
- 2011-06-20 13:48 . 2011-11-11 19:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-20 13:48 . 2011-11-11 21:15 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 13:48 . 2011-11-11 19:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-20 13:48 . 2011-11-11 21:15 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-11-11 21:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-11-11 19:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:09 . 2011-11-11 21:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 14:09 . 2011-11-11 17:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-11-11 21:19 81216 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-20 14:09 . 2011-11-11 21:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-20 14:09 . 2011-11-11 17:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-20 14:09 . 2011-11-11 17:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:09 . 2011-11-11 21:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:15 . 2011-11-11 22:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 14:15 . 2011-11-11 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 14:15 . 2011-11-11 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:15 . 2011-11-11 22:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-11 21:15 . 2011-11-11 21:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-11 17:10 . 2011-11-11 17:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-11 21:15 . 2011-11-11 21:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-11 17:10 . 2011-11-11 17:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:47 . 2011-11-11 21:09 835280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-11-11 03:38 835280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:34 . 2011-11-11 21:18 5981801 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:34 . 2011-11-09 16:50 5981801 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-10 12:48 . 2011-11-11 21:09 1052544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-10 12:48 . 2011-11-11 03:38 1052544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-09 16:43 . 2011-11-11 21:09 7230372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3208466087-60621075-3746657911-1002-8192.dat
+ 2011-07-28 03:10 . 2011-11-11 21:09 8649220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3208466087-60621075-3746657911-1002-12288.dat
- 2011-07-28 03:10 . 2011-11-09 15:03 8649220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3208466087-60621075-3746657911-1002-12288.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2011-08-20 48618]
"ncid.Net"="c:\program files\ncid.Net\ncid.Net.exe" [2011-11-03 984064]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 643592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-05 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-09-29 11:14 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SCL01132;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01132.sys [2010-05-07 61824]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-11-05 111160]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2011-11-05 616400]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-11-05 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-11-05 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-11-05 463824]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-11-05 91096]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2009-10-02 42248]
S3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys [2009-10-02 158344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nxh9q5dv.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{721F34D6-177E-0B5A-100D-6F2E2FB2D6A9}*]
"hagdjmlmbgfojoff"=hex:6a,61,61,63,69,67,69,6a,6e,65,6d,64,63,6b,6d,68,6f,64,
6f,65,00,d4
"iamcdoknakfgojhdhg"=hex:6a,61,61,63,6e,61,6a,6a,67,6f,66,67,6e,62,6f,6f,61,6d,
6c,6d,00,00
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A225EC91-5397-517E-C9B1-973E71617067}*]
"iaecmhkjhjfchkkjhp"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
6b,61,66,65,00,00
"hakbgomlhamfaklm"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
6b,61,66,65,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078D534A595D51"
"lr"="078D4C40445D51"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-11 23:31:53
ComboFix-quarantined-files.txt 2011-11-11 22:31
ComboFix2.txt 2011-11-11 19:54
.
Vor Suchlauf: 14 Verzeichnis(se), 13.989.175.296 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 13.909.458.944 Bytes frei
.
- - End Of File - - 006F126DF472882EE38027C88E150C85
|
|
12.11.2011, 13:01
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I |
| .com, alternate, antivir, avira, bho, bonjour, c:\windows\system32\rundll32.exe, defender, document, downloader, excel.exe, explorer, firefox, firewall, format, helper, home, internet, internet langsam, langs, logfile, monitor, msvcrt, nvlddmkm.sys, plug-in, registry, rundll, senden, server, svchost, svchost.exe, tcp, udp, version=1.0, webcheck, win32/small.gen!i, windows, winlogon.exe |
Linear-Darstellung
