
Log analysis and evaluation: Trojan FakeAlert


14.11.2011, 12:44   #1
Blumenwiese
 
Trojan FakeAlert

Hello,

today an "antivirus program" made itself at home on my machine. I'm currently in Safe Mode and have run a Malwarebytes scan.

Here is the log file:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8159

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

14.11.2011 11:41:42
mbam-log-2011-11-14 (11-41-42).txt

Scan type: Quick scan
Objects scanned: 190621
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sIyTmnsPQfX.exe (Trojan.FakeAlert) -> Value: sIyTmnsPQfX.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\siytmnspqfx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\orf1rbdmofdjpb.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\18paam6x8uy32g.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\3093.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\98D7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\guqsxfgvoxlht0.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\wusa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\~!#BF9A.tmp (Trojan.Inject) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\0.4948223278427448.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

Here are some log files from older scans:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7883

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

06.10.2011 13:24:23
mbam-log-2011-10-06 (13-24-23).txt

Scan type: Quick scan
Objects scanned: 201419
Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6624

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

20.05.2011 11:33:35
mbam-log-2011-05-20 (11-33-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 370370
Time elapsed: 1 hour(s), 1 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6624

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

20.05.2011 10:21:06
mbam-log-2011-05-20 (10-21-06).txt

Scan type: Quick scan
Objects scanned: 175581
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Extras.txt:

Code:
OTL Extras logfile created on: 14.11.2011 11:51:47 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 78,97% Memory free
6,20 Gb Paging File | 5,79 Gb Available in Paging File | 93,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,61 Gb Total Space | 406,05 Gb Free Space | 70,42% Space Free | Partition Type: NTFS
Drive D: | 19,55 Gb Total Space | 13,33 Gb Free Space | 68,19% Space Free | Partition Type: FAT32
 
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{182E67FC-4F59-474F-B9C1-9A929ACA6FF3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1F0F7712-BF80-4AEB-8F9C-928CD50811F7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{28947FAA-1985-41AD-9BA6-B944B53BF501}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{355FB103-FD41-4A10-A6C1-7FB164F54612}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5C921513-FA38-41B5-AFBB-D8FAF561C2AE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{69D85F44-B385-4149-BA59-F8A92EA80B44}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6AD37F0C-EC13-4241-B8A3-2073CFE75587}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{78DD2770-F3A5-4436-B2BC-BA0CBD94A8F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7A0926A4-F5FB-4A62-8EFD-9D7B1B2D73D4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7BEBADC2-E40A-4B76-9A85-85AB26E20F59}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{8BB5D3A3-F541-4D00-854C-BDD13980D283}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{90720311-134C-4EF5-9D5D-814DB9EC2496}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{917C7491-0480-45B8-9036-79444CD6CB23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{971DBBAD-A81D-42BA-A64C-A5DC571A343E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A8B1D00B-5B0D-4DB5-AC29-0408592D2B91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA4DABD8-A2AC-4E94-9C76-D46AF7BF9E6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B7F48FCF-F3CA-480A-AAD4-B7EFB0731D93}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C1270D8B-5EC4-4710-95A6-03E70C263BD4}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{C58EABCF-525A-448C-8EC3-88E1AE270152}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E3CA773C-C55B-41D4-8F8F-342D63CC18BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E8934A54-F31B-4807-B5AF-AEA04B10B508}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EE73CAD9-BCC6-486E-B444-7A003C1F99AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F1B022FB-A0B8-46ED-99E4-93AA579609A8}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02ED4ACB-F7C6-42FE-A167-4B83FB00F793}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1BFFC4AF-9B13-4A66-84DD-B71A10C2F1F1}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\temp\ins4308\setup\bin\maininst.exe | 
"{1F0B1D74-9CB2-4A10-95D5-31EA94FAEFAD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1F360168-4EEB-4A22-920A-BF70179401CB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{25F9F6B1-C512-4A18-8C8A-48CEE00BF5DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{38010F0C-9E0C-434E-AA6E-BB0B2648817F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{77619B93-13FC-4027-9635-FC47ED167F1E}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{78E7469C-DD8A-4B64-ADFB-3F7C7EA46041}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8151AF7F-6145-4804-AA7E-5F09C93C02A1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{8A5B0940-5EDA-4CA7-95C9-439067DEDA82}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{943721B8-3FED-4623-93C5-20AED5B22CF0}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\temp\ins4308\setup\bin\maininst.exe | 
"{9F734A5C-EC0A-4782-8B20-1A3D993D6AA6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{AD1979FD-2837-4573-8F0A-1F874A96BCA1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B8176040-B066-42FF-84EF-71174CD5CEE9}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{BEA0A3B3-DBE4-44E8-A4AB-20C18015BE1F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB436949-CC95-4F1C-9471-0ECA2D776867}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC7B8546-71F4-492F-A101-7C107DDA9B35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FD08C18A-C13B-4844-85AA-6D109830918D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{16AA6523-F560-4DAC-B64D-8E7237B6F345}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{1DCD0280-613B-4811-9E74-DD36F3ACCE32}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{316FB121-4081-441A-B18C-86019EF9E70E}C:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"TCP Query User{67764990-4DB3-4CAB-A98E-4E9F34D497A1}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{7312BBD5-C7C3-49C3-B913-DA29869DAAE8}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{831B596B-B10B-4F2B-916C-BB72AC8F160F}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{975233EA-C0DD-4D25-8BCD-47278132FB03}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{E853903F-41E6-45D3-A136-7FE411A53898}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe | 
"UDP Query User{1A048BCE-1EC8-4265-8441-86B03DB182BE}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{24BA53AC-A94A-46FB-9EEB-008CEB2EC677}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{649AEF97-1F1C-4538-9296-4531599888A9}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{7AE73B26-2A3E-4C06-96DC-CFF942496D43}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{AE1DCDAD-67A1-46E6-BA41-CB402500C593}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{CD70A618-C923-4ADB-953F-A55BB91A90DB}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{E7E5D31B-6D42-41AD-A16D-D6C31DE1C235}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe | 
"UDP Query User{FECA17D4-82E4-41A0-ADB6-FE99D21A6BF7}C:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0ED47137-C071-46CC-A243-E5E33271E10E}" = Windows Live Sign-in Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DDB7A5-00A9-96D3-AF53-AF143CE29CD1}" = Catalyst Control Center InstallProxy
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{432DEFB9-9C74-A859-1B66-F67530CF1D33}" = Catalyst Control Center Localization German
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EBF259-D41F-3517-78C6-29F335BD252B}" = Skins
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7AEBD87F-7818-2C67-F0F5-822E0260D002}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{98129815-2DEB-7E30-8105-65CC9D0E3F0D}" = ccc-utility
"{9992BAC0-E57C-1BBB-8391-3DEC5BFC025B}" = ATI Catalyst Install Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9E752ADC-4903-E12F-8843-743A78CD3CBB}" = ccc-core-static
"{9F9D923C-8BF4-859A-853A-7C4299FD98DD}" = Catalyst Control Center Core Implementation
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BF8DC7F0-DB69-5F15-4871-5B38C95410EA}" = Catalyst Control Center Graphics Light
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1D1D5FE-AF9E-9150-1493-C76A81A69FEE}" = Catalyst Control Center Graphics Full Existing
"{D66BDB75-FBB8-4B4E-5379-B17E7EBD7B1A}" = CCC Help English
"{DC344C96-0A5D-65C7-F0D3-CCBA48DDA190}" = CCC Help German
"{E37C6398-2D75-6EF3-FA55-CF4B92371940}" = Catalyst Control Center Graphics Previews Vista
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HFRS_is1" = Trend Micro SafeSync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird (6.0.1)" = Mozilla Thunderbird (6.0.1)
"NVIDIA Drivers" = NVIDIA Drivers
"Plugin Marketing Booster_is1" = DATA BECKER Plugin Marketing Booster
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Recuva" = Recuva
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"SEO Traffic-Booster_is1" = DATA BECKER SEO Traffic-Booster
"shop to date 6.0 pro MultiUser_is1" = DATA BECKER shop to date 6.0 pro MultiUser
"shop to date 7 pro MultiUser_is1" = DATA BECKER shop to date 7 pro MultiUser
"uninstall.exe" = iLinc Client
"VLC media player" = VLC media player 1.0.5
"web2date" = DATA BECKER shop to date 5
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.11.2011 06:22:29 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2011 06:24:21 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.11.2011 06:24:21 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.11.2011 06:24:25 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2011 06:24:37 | Computer Name = *-PC | Source = Application Error | ID = 1000
Description = Faulting application NMIndexStoreSvr.exe, version 3.3.3.0, time stamp
 0x47c6bd1b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
 exception code 0xc0000005, fault offset 0x17271727,  process id 0x5a8, application start time
 01cca2b793788352.
 
Error - 14.11.2011 06:31:01 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2011 06:31:08 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.11.2011 06:31:08 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.11.2011 06:34:07 | Computer Name = *-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 14.11.2011 06:34:13 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 01.07.2010 05:27:00 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2779
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 30.07.2010 07:30:14 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9923
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 01.09.2010 06:49:56 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3039
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2010 04:56:25 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1326
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2010 08:43:22 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13569
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 30.09.2010 08:46:30 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6923
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 04.10.2010 04:56:01 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3401
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 12.10.2010 02:38:50 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 820
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 26.10.2010 08:51:00 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6441
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 28.10.2010 04:55:04 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6405
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.11.2011 06:33:38 | Computer Name = *-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:32:02 on 14.11.2011 was unexpected.
 
Error - 14.11.2011 06:34:00 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.11.2011 06:33:59 | Computer Name = *-PC | Source = netbt | ID = 4321
Description = The name "*-PC       :0" could not be registered on the interface with
 IP address 192.168.2.119.  The computer with IP address 192.168.2.102
 did not allow this computer to use this name.
 
Error - 14.11.2011 06:33:59 | Computer Name = *-PC | Source = netbt | ID = 4321
Description = The name "*-PC       :0" could not be registered on the interface with
 IP address 192.168.2.119.  The computer with IP address 192.168.2.102
 did not allow this computer to use this name.
 
Error - 14.11.2011 06:34:07 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.11.2011 06:34:08 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.11.2011 06:34:09 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.11.2011 06:34:10 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.11.2011 06:34:14 | Computer Name = *-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 14.11.2011 06:34:14 | Computer Name = *-PC | Source = Service Control Manager | ID = 7026
Description = 
 
[ TuneUp Events ]
Error - 10.10.2011 07:49:55 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-10 13:49:55', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5388',0)
 
Error - 12.10.2011 04:11:56 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 10:11:56', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3732',0)
 
Error - 12.10.2011 04:43:09 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 10:43:09', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5016',0)
 
Error - 12.10.2011 05:07:16 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 11:07:16', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5580',0)
 
Error - 12.10.2011 07:35:27 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 13:35:27', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3844',0)
 
Error - 14.10.2011 04:19:58 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-14 10:19:58', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4260',0)
 
Error - 14.10.2011 04:20:13 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-14 10:20:13', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','2988',0)
 
Error - 18.10.2011 08:41:59 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-18 14:41:59', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3736',0)
 
Error - 19.10.2011 02:31:04 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-19 08:31:04', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3060',0)
 
Error - 26.10.2011 08:29:43 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-26 14:29:43', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3172',0)
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 14.11.2011 11:51:47 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 78,97% Memory free
6,20 Gb Paging File | 5,79 Gb Available in Paging File | 93,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,61 Gb Total Space | 406,05 Gb Free Space | 70,42% Space Free | Partition Type: NTFS
Drive D: | 19,55 Gb Total Space | 13,33 Gb Free Space | 68,19% Space Free | Partition Type: FAT32
 
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.01 18:12:42 | 003,730,192 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro SafeSync\hrfscore.exe -- (OnlineStorageService)
SRV - [2011.07.04 19:11:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 08:06:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 14:12:56 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011.03.01 14:12:56 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.10.13 21:03:54 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.07.10 11:23:54 | 000,036,864 | ---- | M] (Realtek) [Auto | Stopped] -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.01 18:20:10 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hrfsmrx.sys -- (hrfsmrx)
DRV - [2011.07.04 19:11:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 19:11:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.03.10 09:33:48 | 000,526,848 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.10 08:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.06.09 12:04:48 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.13 05:41:54 | 004,179,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.05 01:01:00 | 000,419,328 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2008.09.05 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.09.05 01:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007.11.17 19:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 15:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: foxyseotool@foxyseotool.com:0.8.4
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: senseo@nico*er.de:1.4.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: seoquake-plugin-seolinx@seoquake.com:1.0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.06 11:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.06 10:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.04 18:33:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
 
[2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.05 10:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.11 09:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions
[2010.10.29 09:09:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.25 09:21:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009.10.08 11:02:24 | 000,000,000 | ---D | M] (RankQuest SEO Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{556d6eb2-aed0-4a4c-98a0-6f1dd597b98b}
[2011.10.06 11:35:55 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2009.10.08 11:05:05 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2011.05.20 10:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.20 10:18:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2011.05.20 10:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.20 10:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FOXYSEOTOOL@FOXYSEOTOOL.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\SENSEO@NICO*ER.DE.XPI
[2011.10.06 11:35:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.05.30 00:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInstall.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 11:35:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 11:35:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.06 11:35:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 11:35:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 11:35:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 11:35:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 10.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInstall.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://ips.poi.de/ips-opdata/operator/69189345/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{389EAD2B-CB3B-4DBE-AF76-B4DDA96042D2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{676F61E6-2878-4DB0-9FC3-602069A8F55B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{754E2F00-44F8-4003-A773-0E2976769286}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD0C66-3017-4A6F-B0FC-39D80FB40CD4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9067AE95-3FC3-4C5A-A0DB-3AB697C7FD83}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914E0EA0-B606-40E8-BACC-BAC20B424978}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC299F6F-9EAA-4D25-9CE3-E963A17F1F3B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C47FD66D-8815-4180-BD75-9F637405777B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.14 11:49:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2011.11.14 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.10 13:53:35 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Facility
[2011.11.01 10:01:35 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Timelines
[2011.10.25 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Legionellen
[2011.10.17 09:42:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.17 09:42:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.17 09:42:12 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.17 09:42:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.17 09:42:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2011.11.14 11:47:09 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\udnnl.sys
[2011.11.14 11:38:27 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.14 11:38:27 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.14 11:38:27 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.14 11:38:27 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.14 11:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.11.14 11:30:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 11:28:03 | 000,000,440 | -H-- | M] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,613 | ---- | M] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.11.14 11:25:11 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 10:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.14 10:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000UA.job
[2011.11.10 13:54:23 | 000,040,448 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.10 08:42:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000Core.job
[2011.10.27 08:44:28 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\0000055F.LCS
[2011.10.21 17:40:39 | 080,464,399 | ---- | M] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b
[2011.10.20 15:43:17 | 000,023,921 | ---- | M] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html
[2011.10.17 14:03:50 | 000,359,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.14 11:47:09 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\udnnl.sys
[2011.11.14 11:25:11 | 000,000,613 | ---- | C] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.11.14 11:25:11 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 11:24:57 | 000,000,440 | -H-- | C] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.10.21 17:40:38 | 080,464,399 | ---- | C] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b
[2011.10.20 15:43:16 | 000,023,921 | ---- | C] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html
[2011.09.28 12:42:00 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Local\{028D49B7-4ABC-43E5-985D-38B5923CD516}
[2011.09.27 07:03:33 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.06.21 06:42:38 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.05.20 10:55:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.20 10:55:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.10 09:34:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.01.20 10:19:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.09 07:50:56 | 000,007,512 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2010.04.21 08:34:45 | 000,015,917 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2009.08.28 07:35:23 | 000,000,176 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009.07.28 19:38:04 | 000,040,448 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.03 13:28:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.06.09 11:58:22 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2009.06.09 11:58:21 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009.06.09 11:58:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009.06.05 15:49:15 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.06.05 14:37:12 | 011,206,656 | R--- | C] () -- C:\Windows\System32\zhhp_res.dll
[2009.06.05 14:37:12 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agissi.dll
[2009.06.05 14:37:12 | 000,348,160 | R--- | C] () -- C:\Windows\System32\zshp2600.exe
[2009.06.05 14:37:12 | 000,299,008 | R--- | C] () -- C:\Windows\System32\zhhp2600.exe
[2009.06.05 13:09:03 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.01.06 19:15:52 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.01.06 19:15:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.01.06 19:15:52 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.01.06 19:15:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.01.06 11:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.01.06 11:00:22 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.01.06 11:00:22 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.01.06 11:00:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.01.06 11:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.01.06 11:00:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.01.06 10:26:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:24:13 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,359,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.10.15 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2010.06.07 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FRITZ!
[2011.10.06 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2010.11.18 11:08:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2010.02.08 09:34:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2009.10.15 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2009.07.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.11.14 11:29:02 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.17 10:32:53 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E06AF3D3-5AFE-464C-84A3-8485B5260C55}.job
 
========== Purity Check ==========
 
 

< End of report >
         
Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:00 on 14/11/2011 (Reblu)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

GMER:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-14 12:42:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000056 WDC_WD64 rev.05.0
Running: knnmbkcs.exe; Driver: C:\Users\*\AppData\Local\Temp\pwlorpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\CADERLXU-Dateien        0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\eBayISAPI-Dateien       0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\CAFNDE8X-Dateien      0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\eBayISAPI-Dateien     0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\CAQZZZNW-Dateien   0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\eBayISAPI-Dateien  0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA - Sistema di contaccezione naturale (Artikel 130012277600 endet 09_08_06 235240 MESZ)-Dateien\CAMGUBYD-Dateien             0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA - Sistema di contaccezione naturale (Artikel 130012277600 endet 09_08_06 235240 MESZ)-Dateien\eBayISAPI-Dateien            0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\CA3ZTSAX-Dateien   0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\eBayISAPI-Dateien  0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\CADERLXU-Dateien             0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\eBayISAPI-Dateien            0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\CAFNDE8X-Dateien           0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\eBayISAPI-Dateien          0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\CAQZZZNW-Dateien        0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\eBayISAPI-Dateien       0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\CA3ZTSAX-Dateien        0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\eBayISAPI-Dateien       0 bytes

---- EOF - GMER 1.0.15 ----
         

14.11.2011, 15:20   #2
cosinus

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from earlier Malwarebytes scans, please post all of those as well!


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


15.11.2011, 08:20   #3
Blumenwiese

Hello,

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8160

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

14.11.2011 16:46:44
mbam-log-2011-11-14 (16-46-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 399134
Laufzeit: 1 Stunde(n), 19 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ca3c9cca1a31c46885d44ee0ad86604
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-14 04:32:54
# local_time=2011-11-14 05:32:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 18653 96177592 19186 0
# compatibility_mode=5892 16776573 100 100 13431 158813756 0 0
# compatibility_mode=8192 67108863 100 0 3700 3700 0 0
# scanned=220420
# found=3
# cleaned=0
# scan_time=7346
C:\Program Files\pdfforge Toolbar\SearchSettings.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\57c430d-34fda5a5	Win32/TrojanDownloader.Small.PHM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\*\Downloads\SoftonicDownloader_fuer_recuva.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         

15.11.2011, 09:33   #4
cosinus

Custom scan with OTL

If you do not have it yet, please download OTL by OldTimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - in the German version of OTL the box is labelled
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
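Added example, not part of this thread and not OTL's own code: a small triage script that shows how a helper reads the "Files Created - No Company Name" block of an OTL report like the one requested above. It parses each entry line and flags files written close to the incident time that carry at least one more warning sign (sensitive location, hidden attribute, generated-looking name, kernel driver). The sample lines are copied from the OTL log posted in this thread; the incident time (the first hidden ProgramData drop), the one-hour window, the list of sensitive directories and the random-name heuristic are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# One OTL file entry looks like:
# [2011.11.14 11:47:09 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\udnnl.sys
#  timestamp             size          attrs kind  company  path   (kind: C=created, M=modified)
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Locations where an unexpected new file deserves a second look (assumption).
SENSITIVE_DIRS = (r"c:\windows", r"c:\programdata")
VOWELS = set("aeiouy")

# Sample entries copied from the OTL log posted in this thread (constructed input).
SAMPLE_LOG = r"""
[2011.11.14 11:47:09 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\udnnl.sys
[2011.11.14 11:24:57 | 000,000,440 | -H-- | C] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,613 | ---- | C] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.10.17 14:03:50 | 000,359,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.20 10:55:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
"""

# Assumed incident time: the first hidden ProgramData drop in the log above.
INCIDENT_TIME = datetime(2011, 11, 14, 11, 24, 57)


def parse_entry(line):
    """Return a dict for one OTL file entry, or None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],
        "company": m["company"].strip(),
        "path": m["path"],
    }


def looks_random(filename):
    """Crude heuristic for generated names: mixed case plus a long consonant run."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < 8 or not stem.isalnum():
        return False
    mixed = any(c.isupper() for c in stem) and any(c.islower() for c in stem)
    run = longest = 0
    for c in stem.lower():
        run = run + 1 if (c.isalpha() and c not in VOWELS) else 0
        longest = max(longest, run)
    return mixed and longest >= 4


def triage(log_text, incident_time, window=timedelta(hours=1)):
    """Flag entries written close to the incident that carry at least one more
    warning sign; returns them in log order with the reasons attached."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if abs(e["ts"] - incident_time) <= window:
            reasons.append("recent")
        low = e["path"].lower()
        if any(low.startswith(d + "\\") for d in SENSITIVE_DIRS):
            reasons.append("sensitive-dir")
        if "H" in e["attrs"]:
            reasons.append("hidden")
        name = e["path"].rsplit("\\", 1)[-1]
        if looks_random(name):
            reasons.append("random-name")
        if name.lower().endswith(".sys"):
            reasons.append("driver")
        # "recent" alone is not enough: the user also touched files that day.
        if "recent" in reasons and len(reasons) >= 2:
            flagged.append({"path": e["path"], "ts": e["ts"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG, INCIDENT_TIME):
        print(f"{hit['ts']:%Y-%m-%d %H:%M:%S}  {hit['path']}  <- {', '.join(hit['reasons'])}")
```

On the sample lines the script flags the driver in System32\drivers and the two hidden ProgramData files, and leaves the font cache and the Windows DLL alone. A flag is a prompt to look at the file, not a verdict: a scanner's own randomly named driver trips the same rules (the GMER log above shows it loading a temp driver with a generated name), so the time of the entry is checked against what was running then. The rules also miss things, for instance the "System Restore.lnk" dropped on the desktop in the same minute gets only one reason and is not reported, which is why the helper still reads the whole log rather than only the flagged lines.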

15.11.2011, 10:17   #5
Blumenwiese

OTL log file:
Code:
OTL logfile created on: 15.11.2011 09:54:28 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,87% Memory free
6,19 Gb Paging File | 5,85 Gb Available in Paging File | 94,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,61 Gb Total Space | 405,56 Gb Free Space | 70,34% Space Free | Partition Type: NTFS
Drive D: | 19,55 Gb Total Space | 13,33 Gb Free Space | 68,19% Space Free | Partition Type: FAT32
 
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.01 18:12:42 | 003,730,192 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro SafeSync\hrfscore.exe -- (OnlineStorageService)
SRV - [2011.07.04 19:11:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 08:06:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 14:12:56 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011.03.01 14:12:56 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.10.13 21:03:54 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.07.10 11:23:54 | 000,036,864 | ---- | M] (Realtek) [Auto | Stopped] -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.01 18:20:10 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hrfsmrx.sys -- (hrfsmrx)
DRV - [2011.07.04 19:11:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 19:11:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.03.10 09:33:48 | 000,526,848 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.10 08:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.06.09 12:04:48 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.13 05:41:54 | 004,179,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.05 01:01:00 | 000,419,328 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2008.09.05 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.09.05 01:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007.11.17 19:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 15:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: foxyseotool@foxyseotool.com:0.8.4
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: senseo@nicosteiner.de:1.4.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: seoquake-plugin-seolinx@seoquake.com:1.0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.06 11:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.06 10:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.04 18:33:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
 
[2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.05 10:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.11 09:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions
[2010.10.29 09:09:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.25 09:21:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009.10.08 11:02:24 | 000,000,000 | ---D | M] (RankQuest SEO Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{556d6eb2-aed0-4a4c-98a0-6f1dd597b98b}
[2011.10.06 11:35:55 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2009.10.08 11:05:05 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2011.05.20 10:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.20 10:18:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2011.05.20 10:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.20 10:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FOXYSEOTOOL@FOXYSEOTOOL.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\SENSEO@NICOSTEINER.DE.XPI
[2011.10.06 11:35:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.05.30 00:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInstall.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 11:35:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 11:35:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.06 11:35:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 11:35:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 11:35:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 11:35:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 10.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInstall.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://ips.poi.de/ips-opdata/operator/69189345/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{389EAD2B-CB3B-4DBE-AF76-B4DDA96042D2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{676F61E6-2878-4DB0-9FC3-602069A8F55B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{754E2F00-44F8-4003-A773-0E2976769286}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD0C66-3017-4A6F-B0FC-39D80FB40CD4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9067AE95-3FC3-4C5A-A0DB-3AB697C7FD83}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914E0EA0-B606-40E8-BACC-BAC20B424978}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC299F6F-9EAA-4D25-9CE3-E963A17F1F3B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C47FD66D-8815-4180-BD75-9F637405777B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.14 17:22:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.11.14 15:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.14 11:49:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2011.11.14 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.10 13:53:35 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Facility
[2011.11.01 10:01:35 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Timelines
[2011.10.25 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Legionellen
[1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.15 08:09:38 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.15 08:09:38 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.15 08:09:38 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.15 08:09:38 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.15 08:05:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.14 17:22:06 | 000,007,512 | ---- | M] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2011.11.14 12:01:29 | 000,302,592 | ---- | M] () -- C:\Users\*\Desktop\knnmbkcs.exe
[2011.11.14 11:59:33 | 000,000,000 | ---- | M] () -- C:\Users\*\defogger_reenable
[2011.11.14 11:59:04 | 000,050,477 | ---- | M] () -- C:\Users\*\Desktop\Defogger.exe
[2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.11.14 11:30:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 11:28:03 | 000,000,440 | -H-- | M] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,613 | ---- | M] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.11.14 11:25:11 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 10:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.14 10:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000UA.job
[2011.11.10 13:54:23 | 000,040,448 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.10 08:42:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000Core.job
[2011.10.27 08:44:28 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\0000055F.LCS
[2011.10.21 17:40:39 | 080,464,399 | ---- | M] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b
[2011.10.20 15:43:17 | 000,023,921 | ---- | M] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html
[2011.10.17 14:03:50 | 000,359,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.14 12:01:29 | 000,302,592 | ---- | C] () -- C:\Users\*\Desktop\knnmbkcs.exe
[2011.11.14 11:59:33 | 000,000,000 | ---- | C] () -- C:\Users\*\defogger_reenable
[2011.11.14 11:59:13 | 000,050,477 | ---- | C] () -- C:\Users\*\Desktop\Defogger.exe
[2011.11.14 11:25:11 | 000,000,613 | ---- | C] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.11.14 11:25:11 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 11:24:57 | 000,000,440 | -H-- | C] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.10.21 17:40:38 | 080,464,399 | ---- | C] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b
[2011.10.20 15:43:16 | 000,023,921 | ---- | C] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html
[2011.09.28 12:42:00 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Local\{028D49B7-4ABC-43E5-985D-38B5923CD516}
[2011.09.27 07:03:33 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.06.21 06:42:38 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.05.20 10:55:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.20 10:55:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.10 09:34:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.01.20 10:19:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.09 07:50:56 | 000,007,512 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2010.04.21 08:34:45 | 000,015,917 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2009.08.28 07:35:23 | 000,000,176 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009.07.28 19:38:04 | 000,040,448 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.03 13:28:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.06.09 11:58:22 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2009.06.09 11:58:21 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009.06.09 11:58:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009.06.05 15:49:15 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.06.05 14:37:12 | 011,206,656 | R--- | C] () -- C:\Windows\System32\zhhp_res.dll
[2009.06.05 14:37:12 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agissi.dll
[2009.06.05 14:37:12 | 000,348,160 | R--- | C] () -- C:\Windows\System32\zshp2600.exe
[2009.06.05 14:37:12 | 000,299,008 | R--- | C] () -- C:\Windows\System32\zhhp2600.exe
[2009.06.05 13:09:03 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.01.06 19:15:52 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.01.06 19:15:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.01.06 19:15:52 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.01.06 19:15:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.01.06 11:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.01.06 11:00:22 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.01.06 11:00:22 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.01.06 11:00:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.01.06 11:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.01.06 11:00:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.01.06 10:26:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:24:13 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,359,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.10.15 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2010.06.07 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FRITZ!
[2011.10.06 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2010.11.18 11:08:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2010.02.08 09:34:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2009.10.15 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2009.07.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.11.14 11:29:02 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.17 10:32:53 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E06AF3D3-5AFE-464C-84A3-8485B5260C55}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.07.11 09:44:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Adobe
[2010.02.10 14:02:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Apple Computer
[2009.06.05 13:26:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ATI
[2011.07.14 08:00:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Avira
[2009.06.17 20:27:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Corel
[2009.10.15 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2011.04.21 08:16:36 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\dvdcss
[2010.06.07 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FRITZ!
[2009.06.16 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Google
[2009.06.05 13:26:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Identities
[2009.06.05 13:26:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Macromedia
[2011.05.20 09:16:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Media Center Programs
[2011.01.26 09:56:08 | 000,000,000 | --SD | M] -- C:\Users\*\AppData\Roaming\Microsoft
[2009.06.16 13:38:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mozilla
[2009.07.07 10:50:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nero
[2011.10.06 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2011.11.03 15:31:18 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Skype
[2011.11.03 12:38:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\skypePM
[2010.11.18 11:08:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2010.02.08 09:34:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2009.10.15 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2010.05.17 21:17:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\U3
[2011.11.11 12:05:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\vlc
[2010.05.17 12:39:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\WinRAR
[2009.07.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
 
< %APPDATA%\*.exe /s >
[2009.07.22 16:28:36 | 000,477,976 | ---- | M] (Protect GmbH) -- C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe
[2011.03.24 17:27:39 | 000,059,043 | ---- | M] () -- C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\uninst.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\*\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\*\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\drivers\nvstor32.sys
[2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_933da2ea\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


Old 15.11.2011, 11:41   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" line must be copied along with it!!!)

Code:
ATTFilter
:OTL
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe
[2011.11.14 11:25:11 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 11:24:57 | 000,000,440 | -H-- | C] () -- C:\ProgramData\oRf1rBdMoFDJPb
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted outright; as a safety measure a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was written only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
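The O33 MountPoints2 entries in the fix script above each point a drive's AutoRun shell command at an executable on a non-system drive letter (F:, G:, I:), and the three hidden files in the root of C:\ProgramData were created on the day of the infection. The following Python script is an added example (not part of this thread and not OTL's own code) that parses OTL-formatted log lines and flags exactly those patterns, so that a log like the one posted earlier can be triaged before a fix is written. The sample input is constructed from lines of the fix script; the cut-off date `SCAN_DAY` is an assumption taken from the dates in this thread.

```python
import re
from datetime import datetime

# Constructed sample input, modelled on the O32/O33 and file-listing lines of the
# fix script above (GUIDs and paths are taken from it; nothing else is real data).
SAMPLE_OTL_LINES = r"""
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
[2011.11.14 11:25:11 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:24:57 | 000,000,440 | -H-- | C] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
""".strip().splitlines()

# Assumed cut-off: the day the infection appeared according to this thread.
SCAN_DAY = datetime(2011, 11, 14)
SYSTEM_DRIVE = "C:"

# O33 - MountPoints2\{GUID}\Shell\AutoRun\command - "" = <command>
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = (.+)$', re.I)
# [date time | size | attrs | M/C] (company) -- path
FILE_ENTRY = re.compile(
    r'^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| [MC]\] '
    r'\(([^)]*)\) -- (.+)$')
CDROM_AUTORUN = re.compile(r'^O32 - HKLM CDRom: AutoRun - (\d)$')


def mountpoint_autorun_commands(lines):
    """Return {guid: command} for every MountPoints2 AutoRun command entry."""
    found = {}
    for line in lines:
        m = MOUNTPOINT_CMD.match(line.strip())
        if m:
            found[m.group(1).lower()] = m.group(2).strip()
    return found


def removable_autorun_findings(lines, system_drive=SYSTEM_DRIVE):
    """MountPoints2 AutoRun commands that launch an executable from a drive
    letter other than the system drive, i.e. the persistence footprint an
    autorun.inf on a removable medium leaves in the user's registry hive."""
    findings = []
    for guid, cmd in mountpoint_autorun_commands(lines).items():
        drive = cmd[:2].upper()
        if re.fullmatch(r"[A-Z]:", drive) and drive != system_drive.upper():
            findings.append((guid, cmd))
    return findings


def hidden_recent_files(lines, directory, since):
    """Direct children of `directory` that carry the Hidden attribute and
    whose timestamp is at or after `since`."""
    hits = []
    prefix = directory.rstrip("\\").lower() + "\\"
    for line in lines:
        m = FILE_ENTRY.match(line.strip())
        if not m:
            continue
        stamp, _size, attrs, _company, path = m.groups()
        when = datetime.strptime(stamp, "%Y.%m.%d %H:%M:%S")
        parent, _, _name = path.lower().rpartition("\\")
        if "H" in attrs and parent + "\\" == prefix and when >= since:
            hits.append(path)
    return hits


def cdrom_autorun_enabled(lines):
    """True/False from the O32 CDRom AutoRun line, None if absent."""
    for line in lines:
        m = CDROM_AUTORUN.match(line.strip())
        if m:
            return m.group(1) == "1"
    return None


if __name__ == "__main__":
    print("CD-ROM AutoRun enabled:", cdrom_autorun_enabled(SAMPLE_OTL_LINES))
    for guid, cmd in removable_autorun_findings(SAMPLE_OTL_LINES):
        print("AutoRun command from non-system drive:", guid, "->", cmd)
    for path in hidden_recent_files(SAMPLE_OTL_LINES, r"C:\ProgramData", SCAN_DAY):
        print("Hidden file created recently in ProgramData root:", path)
```

The three checks correspond to the three groups of lines in the fix script: the O32 CD-ROM AutoRun flag, the O33 MountPoints2 AutoRun commands, and the hidden ProgramData files. Running the script on a full OTL log rather than the sample simply means reading the file and passing its lines in.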

Old 15.11.2011, 13:10   #7
Blumenwiese
 


Hello cosinus,

after the fix no log file opened, the only option I had left was a restart, and the OTL.txt on the desktop is the one I posted before.

Is it archived somewhere, or can we continue anyway?

Old 15.11.2011, 13:31   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Look in the folder C:\_OTL
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 15.11.2011, 13:40   #9
Blumenwiese
 


Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale\EN-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ not found.
File I:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{088d9884-a746-11de-a692-002185c49f05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{088d9884-a746-11de-a692-002185c49f05}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\ not found.
File I:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80d15e22-71d9-11de-b623-002185c49f05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80d15e22-71d9-11de-b623-002185c49f05}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97f527cc-ecd4-11df-b06b-002185c49f05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97f527cc-ecd4-11df-b06b-002185c49f05}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4011230-4d15-11df-ac73-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4011230-4d15-11df-ac73-806e6f6e6963}\ not found.
File G:\pushinst.exe not found.
C:\ProgramData\~oRf1rBdMoFDJPb moved successfully.
C:\ProgramData\~oRf1rBdMoFDJPbr moved successfully.
C:\ProgramData\oRf1rBdMoFDJPb moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 748874162 bytes
->Temporary Internet Files folder emptied: 7211374 bytes
->FireFox cache emptied: 46797725 bytes
->Flash cache emptied: 1855 bytes
 
User: Gast Shop2Date
->Temp folder emptied: 763393363 bytes
->Temporary Internet Files folder emptied: 24412210 bytes
->FireFox cache emptied: 173867923 bytes
->Flash cache emptied: 6761 bytes
 
User: Public
 
User: *
->Temp folder emptied: 4387377 bytes
->Temporary Internet Files folder emptied: 984307209 bytes
->Java cache emptied: 20581789 bytes
->FireFox cache emptied: 231710870 bytes
->Google Chrome cache emptied: 143776119 bytes
->Flash cache emptied: 63624 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6238058 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.009,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11152011_115238
         

Old 15.11.2011, 13:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it is finished click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!




If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save the file on your desktop.
Start the tool; all files and folders should then be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
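A TDSSKiller report of the kind requested above prints an md5 for every loaded driver, while the OTL log earlier in this thread lists, under "< MD5 for: ... >", the hashes of the copies of critical drivers in System32, the DriverStore and WinSxS. Checking that the hash of the driver actually loaded is one of those known copies is a quick manual sanity check for the driver patching that TDSS-family rootkits are known for. The following Python script is an added example (not part of this thread, and not code from Kaspersky or OldTimer) that does this cross-check on constructed samples of both formats. The atapi.sys, iaStorV.sys and avmeject lines reproduce entries that appear in this thread; the CDROM.SYS reference block and the cdrom driver hash are invented placeholders so that a mismatch is demonstrated.

```python
import re

# Constructed sample of OTL's "< MD5 for: ... >" section. The ATAPI.SYS and
# IASTORV.SYS hashes are the ones the OTL log in this thread shows; the
# CDROM.SYS block is an invented placeholder (hash and size are not real).
OTL_MD5_SECTION = r"""
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

< MD5 for: CDROM.SYS  >
[2008.01.21 03:23:23 | 000,000,000 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\winsxs\placeholder_component\cdrom.sys
"""

# Constructed sample of a TDSSKiller report. atapi, iaStorV and avmeject are
# taken from this thread; the cdrom line carries an invented hash so that it
# does not match the (equally invented) reference above.
TDSS_LOG = r"""
14:22:00.0428 1008   atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:22:00.0438 1008   atapi - ok
14:22:01.0445 1008   avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
14:22:01.0467 1008   avmeject ( UnsignedFile.Multi.Generic ) - warning
14:22:01.0467 1008   avmeject - detected UnsignedFile.Multi.Generic (1)
14:22:02.0876 1008   cdrom           (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\Windows\system32\DRIVERS\cdrom.sys
14:22:02.0894 1008   cdrom - ok
14:22:08.0970 1008   iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:22:08.0982 1008   iaStorV - ok
"""

REF_LINE = re.compile(r'MD5=([0-9A-Fa-f]{32}) -- (.+)$')
TS = r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+'               # "14:22:00.0428 1008 " prefix
DRV_LINE = re.compile(TS + r'(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$')
WARNING_LINE = re.compile(TS + r'(\S+) \( (.+) \) - warning$')
VERDICT_LINE = re.compile(TS + r'(\S+) - (ok|detected .+)$')


def parse_otl_md5_sections(text):
    """Map lower-case file name -> set of lower-case MD5s OTL found for it."""
    reference = {}
    for line in text.splitlines():
        m = REF_LINE.search(line)
        if m:
            md5, path = m.group(1).lower(), m.group(2).strip()
            name = path.rsplit("\\", 1)[-1].lower()
            reference.setdefault(name, set()).add(md5)
    return reference


def parse_tdsskiller(text):
    """Return {service name: {"md5", "path", "verdict", "warnings"}}."""
    drivers = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = DRV_LINE.match(line)
        if m:
            name, md5, path = m.groups()
            drivers[name] = {"md5": md5.lower(), "path": path,
                             "verdict": None, "warnings": []}
            continue
        m = WARNING_LINE.match(line)
        if m and m.group(1) in drivers:
            drivers[m.group(1)]["warnings"].append(m.group(2))
            continue
        m = VERDICT_LINE.match(line)
        if m and m.group(1) in drivers:
            drivers[m.group(1)]["verdict"] = m.group(2)
    return drivers


def hash_status(driver, reference):
    """'match' if the loaded driver's md5 is one of the known copies,
    'MISMATCH' if a reference exists but none agrees, else 'no-reference'."""
    name = driver["path"].rsplit("\\", 1)[-1].lower()
    known = reference.get(name)
    if not known:
        return "no-reference"
    return "match" if driver["md5"] in known else "MISMATCH"


def triage(tdss_text, otl_text):
    """{service name: (TDSSKiller verdict, hash status, warnings)}."""
    reference = parse_otl_md5_sections(otl_text)
    drivers = parse_tdsskiller(tdss_text)
    return {name: (d["verdict"], hash_status(d, reference), d["warnings"])
            for name, d in drivers.items()}


if __name__ == "__main__":
    for name, (verdict, status, warnings) in triage(TDSS_LOG, OTL_MD5_SECTION).items():
        print(f"{name:10} verdict={verdict!r:45} hash={status} warnings={warnings}")
```

A "MISMATCH" only says that the loaded driver differs from every copy OTL hashed, which also happens after a legitimate update that OTL's list did not cover; it is a prompt to look closer, not a verdict, which is in line with the advice above to post the log rather than delete anything.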

Old 15.11.2011, 14:24   #11
Blumenwiese
 


Code:
ATTFilter
14:20:55.0081 0692	TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
14:20:55.0223 0692	============================================================
14:20:55.0223 0692	Current date / time: 2011/11/15 14:20:55.0223
14:20:55.0223 0692	SystemInfo:
14:20:55.0223 0692	
14:20:55.0223 0692	OS Version: 6.0.6002 ServicePack: 2.0
14:20:55.0223 0692	Product type: Workstation
14:20:55.0223 0692	ComputerName: *-PC
14:20:55.0224 0692	UserName: *
14:20:55.0224 0692	Windows directory: C:\Windows
14:20:55.0224 0692	System windows directory: C:\Windows
14:20:55.0224 0692	Processor architecture: Intel x86
14:20:55.0224 0692	Number of processors: 4
14:20:55.0224 0692	Page size: 0x1000
14:20:55.0224 0692	Boot type: Safe boot with network
14:20:55.0224 0692	============================================================
14:20:55.0693 0692	Initialize success
14:21:57.0900 1008	============================================================
14:21:57.0900 1008	Scan started
14:21:57.0900 1008	Mode: Manual; SigCheck; TDLFS; 
14:21:57.0900 1008	============================================================
14:21:58.0924 1008	ACEDRV09        (ec818aed40e3359fe49ddb1700151e56) C:\Windows\system32\drivers\ACEDRV09.sys
14:21:59.0101 1008	ACEDRV09 - ok
14:21:59.0229 1008	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
14:21:59.0242 1008	acedrv11 - ok
14:21:59.0273 1008	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:21:59.0288 1008	ACPI - ok
14:21:59.0361 1008	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:21:59.0379 1008	adp94xx - ok
14:21:59.0405 1008	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:21:59.0420 1008	adpahci - ok
14:21:59.0447 1008	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:21:59.0458 1008	adpu160m - ok
14:21:59.0476 1008	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:21:59.0487 1008	adpu320 - ok
14:21:59.0559 1008	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:21:59.0655 1008	AFD - ok
14:21:59.0697 1008	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:21:59.0707 1008	agp440 - ok
14:21:59.0751 1008	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:21:59.0760 1008	aic78xx - ok
14:21:59.0809 1008	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:21:59.0817 1008	aliide - ok
14:21:59.0875 1008	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:21:59.0884 1008	amdagp - ok
14:21:59.0930 1008	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:21:59.0939 1008	amdide - ok
14:21:59.0978 1008	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:22:00.0123 1008	AmdK7 - ok
14:22:00.0157 1008	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:22:00.0217 1008	AmdK8 - ok
14:22:00.0249 1008	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:22:00.0259 1008	arc - ok
14:22:00.0297 1008	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:22:00.0306 1008	arcsas - ok
14:22:00.0329 1008	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:22:00.0369 1008	AsyncMac - ok
14:22:00.0428 1008	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:22:00.0438 1008	atapi - ok
14:22:00.0545 1008	atikmdag        (7fe1176c2d6031d914ca8e69c0047f18) C:\Windows\system32\DRIVERS\atikmdag.sys
14:22:01.0112 1008	atikmdag - ok
14:22:01.0212 1008	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:22:01.0219 1008	avgio - ok
14:22:01.0307 1008	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
14:22:01.0314 1008	avgntflt - ok
14:22:01.0362 1008	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
14:22:01.0371 1008	avipbb - ok
14:22:01.0445 1008	avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
14:22:01.0467 1008	avmeject ( UnsignedFile.Multi.Generic ) - warning
14:22:01.0467 1008	avmeject - detected UnsignedFile.Multi.Generic (1)
14:22:01.0520 1008	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:22:01.0549 1008	Beep - ok
14:22:01.0681 1008	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:22:01.0716 1008	blbdrive - ok
14:22:01.0799 1008	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:22:01.0851 1008	bowser - ok
14:22:01.0887 1008	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:22:02.0007 1008	BrFiltLo - ok
14:22:02.0068 1008	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:22:02.0101 1008	BrFiltUp - ok
14:22:02.0135 1008	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:22:02.0287 1008	Brserid - ok
14:22:02.0314 1008	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:22:02.0378 1008	BrSerWdm - ok
14:22:02.0491 1008	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:22:02.0580 1008	BrUsbMdm - ok
14:22:02.0606 1008	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:22:02.0681 1008	BrUsbSer - ok
14:22:02.0732 1008	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:22:02.0777 1008	BTHMODEM - ok
14:22:02.0800 1008	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:22:02.0859 1008	cdfs - ok
14:22:02.0876 1008	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:22:02.0894 1008	cdrom - ok
14:22:02.0926 1008	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:22:02.0959 1008	circlass - ok
14:22:02.0981 1008	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:22:02.0995 1008	CLFS - ok
14:22:03.0080 1008	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:22:03.0088 1008	cmdide - ok
14:22:03.0129 1008	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
14:22:03.0139 1008	Compbatt - ok
14:22:03.0161 1008	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:22:03.0171 1008	crcdisk - ok
14:22:03.0188 1008	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:22:03.0249 1008	Crusoe - ok
14:22:03.0413 1008	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:22:03.0446 1008	DfsC - ok
14:22:03.0515 1008	DgiVecp - ok
14:22:03.0549 1008	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:22:03.0561 1008	disk - ok
14:22:03.0691 1008	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:22:03.0771 1008	drmkaud - ok
14:22:03.0855 1008	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:22:03.0945 1008	DXGKrnl - ok
14:22:04.0065 1008	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:22:04.0215 1008	E1G60 - ok
14:22:04.0363 1008	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:22:04.0374 1008	Ecache - ok
14:22:04.0564 1008	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:22:04.0580 1008	elxstor - ok
14:22:04.0737 1008	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:22:04.0807 1008	ErrDev - ok
14:22:05.0018 1008	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:22:05.0310 1008	exfat - ok
14:22:05.0481 1008	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:22:05.0511 1008	fastfat - ok
14:22:05.0677 1008	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:22:05.0714 1008	fdc - ok
14:22:05.0859 1008	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:22:05.0868 1008	FileInfo - ok
14:22:06.0022 1008	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:22:06.0068 1008	Filetrace - ok
14:22:06.0242 1008	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:22:06.0312 1008	flpydisk - ok
14:22:06.0487 1008	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:22:06.0500 1008	FltMgr - ok
14:22:06.0649 1008	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:22:06.0671 1008	Fs_Rec - ok
14:22:06.0808 1008	FWLANUSB        (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
14:22:06.0846 1008	FWLANUSB - ok
14:22:07.0048 1008	fwlanusbn       (1020078208b455e8134b584e845c6abf) C:\Windows\system32\DRIVERS\fwlanusbn.sys
14:22:07.0137 1008	fwlanusbn - ok
14:22:07.0217 1008	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:22:07.0226 1008	gagp30kx - ok
14:22:07.0342 1008	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:22:07.0347 1008	GEARAspiWDM - ok
14:22:07.0542 1008	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:22:07.0645 1008	HdAudAddService - ok
14:22:07.0818 1008	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:22:07.0882 1008	HDAudBus - ok
14:22:07.0976 1008	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:22:08.0016 1008	HidBth - ok
14:22:08.0146 1008	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:22:08.0255 1008	HidIr - ok
14:22:08.0407 1008	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:22:08.0455 1008	HidUsb - ok
14:22:08.0561 1008	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:22:08.0570 1008	HpCISSs - ok
14:22:08.0703 1008	hrfsmrx         (65b0826d92806c8a14caa8a2833349be) C:\Windows\System32\Drivers\hrfsmrx.sys
14:22:08.0713 1008	hrfsmrx - ok
14:22:08.0754 1008	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:22:08.0791 1008	HTTP - ok
14:22:08.0884 1008	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:22:08.0893 1008	i2omp - ok
14:22:08.0930 1008	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:22:08.0948 1008	i8042prt - ok
14:22:08.0970 1008	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:22:08.0982 1008	iaStorV - ok
14:22:09.0023 1008	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:22:09.0033 1008	iirsp - ok
14:22:09.0159 1008	IntcAzAudAddService (2e06052066ce4489cdfbfb8329ea52b1) C:\Windows\system32\drivers\RTKVHDA.sys
14:22:09.0319 1008	IntcAzAudAddService - ok
14:22:09.0454 1008	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:22:09.0462 1008	intelide - ok
14:22:09.0522 1008	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:22:09.0561 1008	intelppm - ok
14:22:09.0642 1008	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:22:09.0705 1008	IpFilterDriver - ok
14:22:09.0803 1008	IpInIp - ok
14:22:09.0839 1008	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:22:09.0862 1008	IPMIDRV - ok
14:22:09.0915 1008	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:22:09.0939 1008	IPNAT - ok
14:22:09.0984 1008	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:22:10.0021 1008	IRENUM - ok
14:22:10.0072 1008	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:22:10.0080 1008	isapnp - ok
14:22:10.0167 1008	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:22:10.0179 1008	iScsiPrt - ok
14:22:10.0281 1008	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:22:10.0290 1008	iteatapi - ok
14:22:10.0363 1008	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:22:10.0371 1008	iteraid - ok
14:22:10.0509 1008	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:22:10.0517 1008	kbdclass - ok
14:22:10.0636 1008	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:22:10.0699 1008	kbdhid - ok
14:22:10.0846 1008	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
14:22:10.0865 1008	KSecDD - ok
14:22:11.0087 1008	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:22:11.0187 1008	lltdio - ok
14:22:11.0347 1008	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:22:11.0357 1008	LSI_FC - ok
14:22:11.0418 1008	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:22:11.0427 1008	LSI_SAS - ok
14:22:11.0478 1008	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:22:11.0488 1008	LSI_SCSI - ok
14:22:11.0554 1008	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:22:11.0655 1008	luafv - ok
14:22:11.0783 1008	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:22:11.0792 1008	megasas - ok
14:22:11.0942 1008	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:22:11.0977 1008	MegaSR - ok
14:22:12.0115 1008	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:22:12.0157 1008	Modem - ok
14:22:12.0307 1008	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:22:12.0350 1008	monitor - ok
14:22:12.0473 1008	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:22:12.0482 1008	mouclass - ok
14:22:12.0597 1008	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:22:12.0629 1008	mouhid - ok
14:22:12.0727 1008	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:22:12.0737 1008	MountMgr - ok
14:22:12.0839 1008	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:22:12.0849 1008	mpio - ok
14:22:13.0004 1008	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:22:13.0082 1008	mpsdrv - ok
14:22:13.0193 1008	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:22:13.0202 1008	Mraid35x - ok
14:22:13.0246 1008	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:22:13.0321 1008	MRxDAV - ok
14:22:13.0436 1008	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:22:13.0459 1008	mrxsmb - ok
14:22:13.0584 1008	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:22:13.0612 1008	mrxsmb10 - ok
14:22:13.0732 1008	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:22:13.0744 1008	mrxsmb20 - ok
14:22:13.0898 1008	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
14:22:13.0907 1008	msahci - ok
14:22:14.0070 1008	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:22:14.0079 1008	msdsm - ok
14:22:14.0224 1008	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:22:14.0274 1008	Msfs - ok
14:22:14.0403 1008	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:22:14.0411 1008	msisadrv - ok
14:22:14.0534 1008	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:22:14.0602 1008	MSKSSRV - ok
14:22:14.0841 1008	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:22:14.0864 1008	MSPCLOCK - ok
14:22:14.0953 1008	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:22:14.0986 1008	MSPQM - ok
14:22:15.0076 1008	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:22:15.0089 1008	MsRPC - ok
14:22:15.0205 1008	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:22:15.0213 1008	mssmbios - ok
14:22:15.0307 1008	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:22:15.0344 1008	MSTEE - ok
14:22:15.0502 1008	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:22:15.0511 1008	Mup - ok
14:22:15.0690 1008	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:22:15.0881 1008	NativeWifiP - ok
14:22:16.0003 1008	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:22:16.0025 1008	NDIS - ok
14:22:16.0108 1008	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:22:16.0144 1008	NdisTapi - ok
14:22:16.0168 1008	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:22:16.0194 1008	Ndisuio - ok
14:22:16.0226 1008	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:22:16.0253 1008	NdisWan - ok
14:22:16.0355 1008	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:22:16.0388 1008	NDProxy - ok
14:22:16.0401 1008	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:22:16.0425 1008	NetBIOS - ok
14:22:16.0459 1008	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:22:16.0492 1008	netbt - ok
14:22:16.0532 1008	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:22:16.0540 1008	nfrd960 - ok
14:22:16.0592 1008	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:22:16.0611 1008	Npfs - ok
14:22:16.0629 1008	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:22:16.0665 1008	nsiproxy - ok
14:22:16.0737 1008	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:22:16.0885 1008	Ntfs - ok
14:22:16.0954 1008	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:22:17.0009 1008	ntrigdigi - ok
14:22:17.0031 1008	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:22:17.0062 1008	Null - ok
14:22:17.0105 1008	NVENETFD        (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:22:17.0152 1008	NVENETFD - ok
14:22:17.0207 1008	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:22:17.0219 1008	nvraid - ok
14:22:17.0257 1008	nvsmu           (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
14:22:17.0310 1008	nvsmu - ok
14:22:17.0328 1008	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:22:17.0336 1008	nvstor - ok
14:22:17.0384 1008	nvstor32        (1a649b87a7b7c1220a2b16b121f2198e) C:\Windows\system32\DRIVERS\nvstor32.sys
14:22:17.0392 1008	nvstor32 - ok
14:22:17.0440 1008	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:22:17.0451 1008	nv_agp - ok
14:22:17.0459 1008	NwlnkFlt - ok
14:22:17.0485 1008	NwlnkFwd - ok
14:22:17.0530 1008	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:22:17.0561 1008	ohci1394 - ok
14:22:17.0601 1008	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:22:17.0654 1008	Parport - ok
14:22:17.0710 1008	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:22:17.0720 1008	partmgr - ok
14:22:17.0765 1008	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:22:17.0806 1008	Parvdm - ok
14:22:17.0889 1008	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:22:17.0900 1008	pci - ok
14:22:17.0923 1008	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:22:17.0932 1008	pciide - ok
14:22:17.0993 1008	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:22:18.0004 1008	pcmcia - ok
14:22:18.0058 1008	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:22:18.0224 1008	PEAUTH - ok
14:22:18.0283 1008	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:22:18.0317 1008	PptpMiniport - ok
14:22:18.0391 1008	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:22:18.0413 1008	Processor - ok
14:22:18.0510 1008	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:22:18.0534 1008	PSched - ok
14:22:18.0612 1008	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:22:18.0949 1008	ql2300 - ok
14:22:19.0183 1008	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:22:19.0194 1008	ql40xx - ok
14:22:19.0618 1008	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:22:19.0702 1008	QWAVEdrv - ok
14:22:19.0910 1008	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:22:20.0109 1008	RasAcd - ok
14:22:20.0285 1008	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:22:20.0323 1008	Rasl2tp - ok
14:22:20.0425 1008	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:22:20.0457 1008	RasPppoe - ok
14:22:20.0694 1008	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:22:20.0705 1008	RasSstp - ok
14:22:21.0056 1008	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:22:21.0078 1008	rdbss - ok
14:22:21.0487 1008	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:22:21.0529 1008	RDPCDD - ok
14:22:21.0587 1008	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:22:21.0615 1008	rdpdr - ok
14:22:21.0687 1008	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:22:21.0717 1008	RDPENCDD - ok
14:22:21.0768 1008	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:22:21.0791 1008	RDPWD - ok
14:22:21.0868 1008	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:22:21.0890 1008	rspndr - ok
14:22:21.0947 1008	RTL8192su       (9b666e157b7221d64074d5726a4edf4f) C:\Windows\system32\DRIVERS\RTL8192su.sys
14:22:21.0984 1008	RTL8192su - ok
14:22:22.0023 1008	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:22:22.0032 1008	sbp2port - ok
14:22:22.0088 1008	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:22:22.0141 1008	secdrv - ok
14:22:22.0256 1008	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
14:22:22.0299 1008	Serenum - ok
14:22:22.0365 1008	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
14:22:22.0393 1008	Serial - ok
14:22:22.0462 1008	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:22:22.0536 1008	sermouse - ok
14:22:22.0693 1008	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:22:22.0711 1008	sffdisk - ok
14:22:22.0797 1008	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:22:22.0841 1008	sffp_mmc - ok
14:22:22.0973 1008	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:22:22.0995 1008	sffp_sd - ok
14:22:23.0130 1008	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:22:23.0185 1008	sfloppy - ok
14:22:23.0336 1008	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:22:23.0345 1008	sisagp - ok
14:22:23.0540 1008	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:22:23.0549 1008	SiSRaid2 - ok
14:22:23.0738 1008	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:22:23.0747 1008	SiSRaid4 - ok
14:22:23.0874 1008	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:22:23.0904 1008	Smb - ok
14:22:24.0092 1008	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:22:24.0100 1008	spldr - ok
14:22:24.0395 1008	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:22:24.0458 1008	srv - ok
14:22:24.0730 1008	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:22:24.0758 1008	srv2 - ok
14:22:24.0961 1008	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:22:24.0973 1008	srvnet - ok
14:22:25.0101 1008	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:22:25.0106 1008	ssmdrv - ok
14:22:25.0343 1008	SSPORT          (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
14:22:25.0405 1008	SSPORT ( UnsignedFile.Multi.Generic ) - warning
14:22:25.0405 1008	SSPORT - detected UnsignedFile.Multi.Generic (1)
14:22:25.0547 1008	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:22:25.0554 1008	swenum - ok
14:22:25.0658 1008	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:22:25.0667 1008	Symc8xx - ok
14:22:25.0796 1008	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:22:25.0804 1008	Sym_hi - ok
14:22:25.0966 1008	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:22:25.0974 1008	Sym_u3 - ok
14:22:26.0084 1008	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:22:26.0192 1008	Tcpip - ok
14:22:26.0305 1008	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:22:26.0392 1008	Tcpip6 - ok
14:22:26.0613 1008	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:22:26.0640 1008	tcpipreg - ok
14:22:26.0846 1008	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:22:26.0870 1008	TDPIPE - ok
14:22:26.0969 1008	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:22:26.0994 1008	TDTCP - ok
14:22:27.0135 1008	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:22:27.0162 1008	tdx - ok
14:22:27.0226 1008	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:22:27.0235 1008	TermDD - ok
14:22:27.0348 1008	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:22:27.0387 1008	tssecsrv - ok
14:22:27.0589 1008	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:22:27.0766 1008	tunmp - ok
14:22:27.0895 1008	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:22:27.0919 1008	tunnel - ok
14:22:28.0004 1008	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:22:28.0013 1008	uagp35 - ok
14:22:28.0098 1008	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:22:28.0118 1008	udfs - ok
14:22:28.0245 1008	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:22:28.0253 1008	uliagpkx - ok
14:22:28.0336 1008	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:22:28.0349 1008	uliahci - ok
14:22:28.0496 1008	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:22:28.0506 1008	UlSata - ok
14:22:28.0598 1008	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:22:28.0609 1008	ulsata2 - ok
14:22:28.0727 1008	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:22:28.0762 1008	umbus - ok
14:22:29.0232 1008	usbccgp         (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
14:22:29.0292 1008	usbccgp - ok
14:22:29.0593 1008	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:22:29.0657 1008	usbcir - ok
14:22:29.0978 1008	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:22:30.0033 1008	usbehci - ok
14:22:30.0194 1008	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:22:30.0270 1008	usbhub - ok
14:22:30.0561 1008	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
14:22:30.0591 1008	usbohci - ok
14:22:30.0821 1008	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:22:30.0970 1008	usbprint - ok
14:22:31.0252 1008	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:22:31.0324 1008	USBSTOR - ok
14:22:31.0477 1008	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:22:31.0522 1008	usbuhci - ok
14:22:31.0732 1008	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:22:31.0767 1008	vga - ok
14:22:31.0921 1008	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:22:31.0950 1008	VgaSave - ok
14:22:32.0129 1008	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:22:32.0139 1008	viaagp - ok
14:22:32.0331 1008	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:22:32.0382 1008	ViaC7 - ok
14:22:32.0518 1008	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:22:32.0528 1008	viaide - ok
14:22:32.0791 1008	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:22:32.0987 1008	volmgr - ok
14:22:33.0146 1008	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:22:33.0378 1008	volmgrx - ok
14:22:33.0514 1008	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:22:33.0529 1008	volsnap - ok
14:22:34.0067 1008	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:22:34.0078 1008	vsmraid - ok
14:22:34.0162 1008	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:22:34.0232 1008	WacomPen - ok
14:22:34.0379 1008	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:22:34.0432 1008	Wanarp - ok
14:22:34.0501 1008	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:22:34.0519 1008	Wanarpv6 - ok
14:22:34.0803 1008	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:22:34.0812 1008	Wd - ok
14:22:35.0073 1008	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:22:35.0197 1008	Wdf01000 - ok
14:22:35.0475 1008	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:22:35.0491 1008	WmiAcpi - ok
14:22:35.0792 1008	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:22:35.0820 1008	ws2ifsl - ok
14:22:36.0016 1008	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:22:36.0060 1008	WUDFRd - ok
14:22:36.0142 1008	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:22:36.0480 1008	\Device\Harddisk0\DR0 - ok
14:22:36.0496 1008	Boot (0x1200)   (377c0b20a792b3fd5328271b55efc9ab) \Device\Harddisk0\DR0\Partition0
14:22:36.0497 1008	\Device\Harddisk0\DR0\Partition0 - ok
14:22:36.0522 1008	Boot (0x1200)   (4433ca861d078d3a093871e153cb19e2) \Device\Harddisk0\DR0\Partition1
14:22:36.0522 1008	\Device\Harddisk0\DR0\Partition1 - ok
14:22:36.0523 1008	============================================================
14:22:36.0523 1008	Scan finished
14:22:36.0523 1008	============================================================
14:22:36.0547 1556	Detected object count: 2
14:22:36.0547 1556	Actual detected object count: 2
14:22:49.0207 1556	avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:49.0207 1556	avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:22:49.0208 1556	SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:49.0208 1556	SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 15.11.2011, 14:40   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Trojan FakeAlert

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 15.11.2011, 15:03   #13
Blumenwiese

Trojan FakeAlert

ComboFix Logfile:
Code:
ComboFix 11-11-15.01 - * 15.11.2011  14:57:02.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2309 [GMT 1:00]
ausgeführt von:: c:\users\*\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20111114112950.125597
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-15 bis 2011-11-15  ))))))))))))))))))))))))))))))
.
.
2011-11-15 14:00 . 2011-11-15 14:00	--------	d-----w-	c:\users\*\AppData\Local\temp
2011-11-15 11:00 . 2011-11-15 11:00	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8B898B3-213A-4605-8EC4-4C6E523A6F8F}\offreg.dll
2011-11-15 10:52 . 2011-11-15 10:52	--------	d-----w-	C:\_OTL
2011-11-14 16:22 . 2011-11-14 16:22	--------	d-----w-	c:\windows\Sun
2011-11-14 14:28 . 2011-11-14 14:28	--------	d-----w-	c:\program files\ESET
2011-11-11 07:58 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8B898B3-213A-4605-8EC4-4C6E523A6F8F}\mpengine.dll
2011-11-09 08:06 . 2011-10-17 11:41	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 08:06 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 08:06 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 11:42 . 2011-09-28 11:42	0	----a-w-	c:\users\*\AppData\Local\BITE860.tmp
2011-09-27 05:56 . 2011-05-17 13:06	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 13:30 . 2011-10-14 07:04	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-09-05 06:37 . 2011-09-05 06:37	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-09-05 06:37 . 2011-09-05 06:37	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-09-05 06:37 . 2011-09-05 06:37	161792	----a-w-	c:\windows\system32\msls31.dll
2011-09-05 06:37 . 2011-09-05 06:37	86528	----a-w-	c:\windows\system32\iesysprep.dll
2011-09-05 06:37 . 2011-09-05 06:37	63488	----a-w-	c:\windows\system32\tdc.ocx
2011-09-05 06:37 . 2011-09-05 06:37	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-09-05 06:37 . 2011-09-05 06:37	367104	----a-w-	c:\windows\system32\html.iec
2011-09-05 06:37 . 2011-09-05 06:37	74752	----a-w-	c:\windows\system32\iesetup.dll
2011-09-05 06:37 . 2011-09-05 06:37	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-09-05 06:37 . 2011-09-05 06:37	23552	----a-w-	c:\windows\system32\licmgr10.dll
2011-09-05 06:37 . 2011-09-05 06:37	152064	----a-w-	c:\windows\system32\wextract.exe
2011-09-05 06:37 . 2011-09-05 06:37	150528	----a-w-	c:\windows\system32\iexpress.exe
2011-09-05 06:37 . 2011-09-05 06:37	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-09-05 06:37 . 2011-09-05 06:37	35840	----a-w-	c:\windows\system32\imgutil.dll
2011-09-05 06:37 . 2011-09-05 06:37	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2011-09-05 06:37 . 2011-09-05 06:37	11776	----a-w-	c:\windows\system32\mshta.exe
2011-09-05 06:37 . 2011-09-05 06:37	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-09-05 06:37 . 2011-09-05 06:37	101888	----a-w-	c:\windows\system32\admparse.dll
2011-08-31 15:00 . 2011-05-20 08:16	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-14 07:03	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-14 07:03	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-14 07:03	238080	----a-w-	c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-14 07:03	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-10-06 10:35 . 2011-05-23 07:07	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoReadonly]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2C}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2C}]
2011-08-01 17:19	1104656	----a-w-	c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2011-08-01 17:19	1104656	----a-w-	c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2011-08-01 17:19	1104656	----a-w-	c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{06F5F772-99DF-4191-9AED-3037B0DF154B}"
[HKEY_CLASSES_ROOT\CLSID\{06F5F772-99DF-4191-9AED-3037B0DF154B}]
2011-08-01 17:19	1104656	----a-w-	c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 39408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
"Skytel"="Skytel.exe" [2008-09-09 1833504]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 11\Register\registration.exe" [2005-02-17 315392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-06-12 998400]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-06-07 618496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\*\Desktop\OTL.exe" [2011-11-14 584192]
.
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
OneNote Inhaltsverzeichnis.onetoc2 [2010-1-7 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Trend Micro SafeSync.lnk - c:\program files\Trend Micro SafeSync\HrfsClient.exe [2011-9-4 2210576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Google Update"="c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-06-09 110304]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2009-10-13 187456]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 Realtek11nSU;Realtek11nSU;c:\program files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2009-07-10 36864]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-09-10 5120]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2008-09-05 4352]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2008-09-05 265088]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2008-09-05 419328]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 hrfsmrx;hrfsmrx;c:\windows\System32\Drivers\hrfsmrx.sys [2011-08-01 143120]
R3 OnlineStorageService;OnlineStorageService;c:\program files\Trend Micro SafeSync\hrfscore.exe [2011-08-01 3730192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2011-03-10 526848]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 10621496
*Deregistered* - 10621496
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-14 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 12:00]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 09:57]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 09:57]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000Core.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 07:17]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000UA.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 07:17]
.
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{E06AF3D3-5AFE-464C-84A3-8485B5260C55}.job
- c:\windows\system32\msfeedssync.exe [2011-09-05 06:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.2.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/operator/69189345/objects/jordan.cab
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\v1uhkq63.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-web2date - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-15 15:00
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1816)
c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
Zeit der Fertigstellung: 2011-11-15  15:01:31
ComboFix-quarantined-files.txt  2011-11-15 14:01
.
Vor Suchlauf: 9 Verzeichnis(se), 438.373.535.744 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 437.246.844.928 Bytes frei
.
- - End Of File - - D26410FD281C8B168AB013981498C966
         
15.11.2011, 15:38   #14
cosinus
Quote:
Boot type: Safe boot with network
Why are you doing EVERYTHING in safe mode with networking, anyway?
Unless stated otherwise, you should do as much as possible in normal mode.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


16.11.2011, 08:33   #15
Blumenwiese
 
Well,

in normal mode the trojan wrecked the system all the way to a bluescreen. I couldn't even run Malwarebytes at first. So that seemed to me the safe way to scan and post.

What should I do now? What's the next step? I'm in normal mode now.
