"Aus Sicherheitsgründen wurde ihr Windows blockiert!" ("For security reasons your Windows has been blocked!") + Combofix! (Windows 7)
#1 (Kampffische2)

I'm afraid I've also caught the virus where the screen turns black and semi-transparent and the text from the title appears in the middle. Below it there is a button and you can "buy yourself free". UNFORTUNATELY a friend of mine has just already run Combofix AFTER I had read here that you should never do that without asking an expert first. He does know a bit about this, but I'm still scared now. I hope I haven't completely destroyed my PC. Attached are the Combofix.txt and the OTL logs from after running Combofix. THANKS in advance!!

Last edited by Kampffische2 (31.12.2011, 01:44)
#2 (Winkelfunktion, TB-Süch-Tiger™)

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything here in CODE tags where possible. It's done like this: [code] the log goes here [/code] And it then looks like this:
Code:
the log goes here
#3 (Kampffische2)

Hey,
many thanks for the detailed reply.
Code:
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.02.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Schaka :: SCHAKA-PC [Administrator]

Schutz: Aktiviert

02.01.2012 20:29:04
mbam-log-2012-01-02 (20-29-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 318809
Laufzeit: 1 Stunde(n), 6 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bbfd7d58a35769479cc052ebf4b26a20
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 10:36:24
# local_time=2012-01-02 11:36:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1538 16774142 20 3 13236915 154091221 0 0
# compatibility_mode=5893 16776573 100 94 3773 77169322 0 0
# compatibility_mode=8192 67108863 100 0 4544 4544 0 0
# scanned=163874
# found=3
# cleaned=0
# scan_time=5673
C:\Qoobox\Quarantine\C\Users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe.vir a variant of Win32/Kryptik.YHX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Schaka\Downloads\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Schaka\Downloads\SoftonicDownloader_fuer_adobe-flash-player.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
#4 (Winkelfunktion, TB-Süch-Tiger™)

Quote:
CF is a very powerful tool that should never be run without instructions! Do you still have its log?

Quote:
If so, the logs of every scan are also listed in the "Logdateien" (log files) tab. Please post all the ones visible there.

Quote:
a) Registry: the registry is the brain of the system. If the brain doesn't work, the rest doesn't really work any more. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
A so-called false positive from a cleaner can also make your system unbootable. If you destroy the registry, you destroy Windows.
b) Softonic: keep your hands off that site. There is always some junk like toolbars or the pointless Softonic Downloader bundled in. Why don't you download the software from the vendor's site, or if need be from chip.de?

Please always post log files in CODE tags
#5 (Kampffische2)

Combofix:
Code:
ComboFix 11-12-30.02 - Schaka 31.12.2011 0:29.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.2038.1390 [GMT 1:00]
ausgeführt von:: c:\users\Schaka\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-30 ))))))))))))))))))))))))))))))
.
.
2011-12-30 23:40 . 2011-12-30 23:41 -------- d-----w- c:\users\Schaka\AppData\Local\temp
2011-12-30 23:40 . 2011-12-30 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 23:16 . 2011-12-30 23:16 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F4D4E4A-A663-4060-8BCC-318B5EE9BC14}\offreg.dll
2011-12-30 22:56 . 2011-12-30 22:56 -------- d-----w- c:\program files\Common Files\Java
2011-12-30 20:56 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F4D4E4A-A663-4060-8BCC-318B5EE9BC14}\mpengine.dll
2011-12-14 14:35 . 2011-11-24 04:23 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 14:35 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 14:35 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 14:35 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 14:35 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 14:35 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 10:27 . 2011-05-17 12:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 04:54 . 2010-10-21 21:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-09 19:03 . 2011-04-30 14:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Malwarebytes' Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2010-12-20 963976]
"TrojanScanner"="d:\trojan remover\Trjscan.exe" [2010-07-05 1167296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2011-1-12 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-04-28 126024]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 136176]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2011-08-01 143624]
R2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]
R2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]
R2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-04-28 112712]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 136176]
R3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys [2005-08-25 45568]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-06 57856]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-24 7796]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1343400]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 09:12]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 09:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKCU-Run-iexploer.exe - c:\users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-31 00:43:26
ComboFix-quarantined-files.txt 2011-12-30 23:43
.
Vor Suchlauf: 8 Verzeichnis(se), 19.158.126.592 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 19.053.461.504 Bytes frei
.
- - End Of File - - B7E5F88445760E3567EE2D6A33A8E2CA
There are also considerably older Malwarebytes logs; if they are relevant as well, I can gladly post them too. This is the first one I made regarding the problem in question. After that there was only the one above.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6412
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
31.12.2011 16:42:34
mbam-log-2011-12-31 (16-42-33).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 300077
Laufzeit: 58 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
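A check a responder could run over the autostart section of a ComboFix log like the one above, added here as an example and not code from this thread or from ComboFix: it parses the two Run-entry formats seen in the log and flags targets that live in a user-writable profile directory or whose file name is one edit away from a Windows binary name, which is what makes the iexploer.exe entry stand out. The list of system binary names and the sample log excerpt are constructed for this example.

```python
import re

# Constructed sample: a subset of the Run entries quoted in this thread's ComboFix log
# (lines from the HKLM Run key section and from the "removed orphaned entries" section).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Malwarebytes' Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2010-12-20 963976]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKCU-Run-iexploer.exe - c:\users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe
'''

# Windows binary names that droppers and screen lockers commonly imitate
# (assumed list for this example, not taken from the thread).
SYSTEM_BINARIES = ("iexplore.exe", "explorer.exe", "svchost.exe", "winlogon.exe",
                   "csrss.exe", "lsass.exe", "services.exe", "rundll32.exe")

# "Name"="path" [date size]   -> ComboFix autostart listing
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# HKCU-Run-Name - path         -> ComboFix "removed orphaned registry entries" listing
ORPHAN_RUN = re.compile(r'^HK(?:CU|LM)-Run-(?P<name>.+?) - (?P<path>.+)$')
# Locations a non-admin user can write to; a Run target there deserves a look.
USER_WRITABLE = re.compile(r'\\appdata\\|\\temp\\', re.I)


def osa_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance, so that one
    swapped letter pair such as iexplo[er] vs iexplo[re] counts as distance 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def parse_run_entries(log_text: str):
    """Return (value name, target path) pairs for every Run entry in the log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_VALUE.match(line) or ORPHAN_RUN.match(line)
        if m:
            entries.append((m.group("name"), m.group("path")))
    return entries


def assess_entry(name: str, path: str):
    """List the reasons an autostart entry looks suspicious (empty list if none)."""
    reasons = []
    base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if USER_WRITABLE.search(path):
        reasons.append("target lives in a user-writable profile directory")
    for known in SYSTEM_BINARIES:
        if base != known and osa_distance(base, known) == 1:
            reasons.append(f"lookalike of {known}")
    return reasons


def scan_log(log_text: str):
    """Run both heuristics over a ComboFix log and collect the flagged entries."""
    findings = []
    for name, path in parse_run_entries(log_text):
        reasons = assess_entry(name, path)
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f'{f["name"]}: {f["path"]}')
        for r in f["reasons"]:
            print(f"    - {r}")
```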
#6 (Winkelfunktion, TB-Süch-Tiger™)

Please make a new OTL log. Please post everything here in CODE tags where possible. It's done like this: [code] the log goes here [/code] And it then looks like this:
Code:
the log goes here

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
#7 (Kampffische2)

Code:
OTL logfile created on: 04.01.2012 18:10:26 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Schaka\Downloads
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,93% Memory free
3,98 Gb Paging File | 3,00 Gb Available in Paging File | 75,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 18,97 Gb Free Space | 27,19% Space Free | Partition Type: NTFS
Drive D: | 66,27 Gb Total Space | 58,38 Gb Free Space | 88,08% Space Free | Partition Type: NTFS

Computer Name: SCHAKA-PC | User Name: Schaka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.31 01:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Schaka\Downloads\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.17 16:03:07 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011.04.28 13:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011.04.28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.11.17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Modules (No Company Name) ==========

MOD - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Win32 Services (SafeList) ==========

SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010.12.21 06:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.07.28 00:53:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.11.17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.01 12:23:23 | 000,143,624 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011.04.28 12:57:47 | 000,112,712 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011.04.28 12:57:21 | 000,111,176 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011.04.28 12:57:20 | 000,126,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011.04.28 12:57:20 | 000,099,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010.01.06 23:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009.11.17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.08.13 14:54:22 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.12.22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.11.16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005.08.25 16:00:00 | 000,045,568 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR33X2K.sys -- (SCR33x USB Smart Card Reader)
DRV - [2004.10.25 00:04:00 | 000,007,796 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Stc2Dfu.sys -- (STC2DFU)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.09.23 10:13:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 20:03:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 15:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.18 15:41:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.06.30 15:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schaka\AppData\Roaming\mozilla\Extensions
[2010.06.30 15:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schaka\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.03 22:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schaka\AppData\Roaming\mozilla\Firefox\Profiles\hwy17gvr.default\extensions
[2012.01.02 21:44:42 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Schaka\AppData\Roaming\mozilla\Firefox\Profiles\hwy17gvr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.03.25 14:44:48 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Schaka\AppData\Roaming\mozilla\Firefox\Profiles\hwy17gvr.default\extensions\personas@christopher.beard
[2011.12.29 16:40:38 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-1.xml
[2010.07.22 12:00:06 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-2.xml
[2010.07.25 10:42:16 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-3.xml
[2010.09.20 22:32:39 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-4.xml
[2010.10.21 07:38:00 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-5.xml
[2010.10.31 11:51:28 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-6.xml
[2010.12.12 16:46:57 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-7.xml
[2011.01.12 15:55:20 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-8.xml
[2010.07.14 18:13:21 | 000,001,069 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin.xml
[2011.12.30 23:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.30 23:56:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SCHAKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HWY17GVR.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2011.11.09 20:03:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.10 17:34:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.10 17:34:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.10 17:34:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 17:34:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 17:34:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 17:34:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Schaka\AppData\Local\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Schaka\AppData\Local\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Schaka\AppData\Local\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011.12.31 00:41:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{836B0485-EC4E-48BB-BDF3-AEBF454356E9}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload 
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation) O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - 
C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: 
SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: 
{25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - 
%SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) 
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.MP42 - mpg4c32.dll (Microsoft Corporation) Drivers32: VIDC.MPG4 - mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.02 21:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.01.02 21:46:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Schaka\Desktop\esetsmartinstaller_enu.exe [2012.01.02 20:25:04 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Schaka\Desktop\mbam-setup-1.60.0.1800.exe [2012.01.01 01:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.01.01 01:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2012.01.01 01:44:27 | 000,000,000 | ---D | C] -- C:\Users\Schaka\AppData\Roaming\Simply Super Software [2012.01.01 01:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011.12.31 00:43:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.12.31 00:43:28 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.12.31 00:43:28 | 000,000,000 | ---D | C] -- C:\Users\Schaka\AppData\Local\temp [2011.12.31 00:27:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.12.31 00:27:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.12.31 00:27:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.12.31 00:27:18 
| 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.12.31 00:22:10 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.12.30 23:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010.03.01 01:35:12 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2010.03.01 01:35:12 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Schaka\Desktop\*.tmp files -> C:\Users\Schaka\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.04 18:14:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.04 18:08:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.04 18:04:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.04 00:45:48 | 000,015,256 | ---- | M] () -- C:\Users\Schaka\Desktop\Haushalt.ods [2012.01.03 22:43:45 | 000,019,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.03 22:43:45 | 000,019,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.03 22:38:29 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2012.01.02 21:46:11 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Schaka\Desktop\esetsmartinstaller_enu.exe [2012.01.02 20:27:09 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.02 20:25:21 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Schaka\Desktop\mbam-setup-1.60.0.1800.exe [2011.12.31 17:40:15 | 000,314,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.31 00:41:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.12.24 13:32:31 | 000,684,954 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011.12.24 13:32:31 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.24 
13:32:31 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.24 13:32:31 | 000,127,070 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011.12.24 13:32:31 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.24 13:32:31 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.18 23:33:38 | 000,022,062 | ---- | M] () -- C:\Users\Schaka\Desktop\6003467-mosaik-der-jungfrau-maria-in-die-kirche-der-hagia-sofia-istanbul-t-rkei.jpg [2011.12.18 23:31:58 | 000,018,585 | ---- | M] () -- C:\Users\Schaka\Desktop\PD_Hagia_Sophia_BW_web_560.jpg [2011.12.11 19:32:59 | 003,770,308 | ---- | M] () -- C:\Users\Schaka\Desktop\Hahn, Alois.PDF [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.05 21:27:12 | 000,007,317 | ---- | M] () -- C:\Users\Schaka\Desktop\Neue Nachricht von Mar Rine!.eml [2011.12.05 21:24:19 | 000,187,929 | ---- | M] () -- C:\Users\Schaka\Desktop\Whng.Überg.Protokoll1.jpg [2011.12.05 21:24:19 | 000,164,551 | ---- | M] () -- C:\Users\Schaka\Desktop\Whng.Überg.Protokoll2.jpg [2011.12.05 21:21:31 | 000,491,356 | ---- | M] () -- C:\Users\Schaka\Desktop\Flözstr. 
6, Wohnungs-Übernahmeprotokoll.eml [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Schaka\Desktop\*.tmp files -> C:\Users\Schaka\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.02 20:27:09 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.01 01:44:28 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2012.01.01 01:44:28 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2012.01.01 01:44:28 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2012.01.01 01:44:28 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011.12.31 00:27:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.12.31 00:27:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.12.31 00:27:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.12.31 00:27:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.12.31 00:27:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.12.18 23:33:38 | 000,022,062 | ---- | C] () -- C:\Users\Schaka\Desktop\6003467-mosaik-der-jungfrau-maria-in-die-kirche-der-hagia-sofia-istanbul-t-rkei.jpg [2011.12.18 23:31:58 | 000,018,585 | ---- | C] () -- C:\Users\Schaka\Desktop\PD_Hagia_Sophia_BW_web_560.jpg [2011.12.13 22:57:42 | 003,770,308 | ---- | C] () -- C:\Users\Schaka\Desktop\Hahn, Alois.PDF [2011.12.10 22:20:30 | 001,206,473 | ---- | C] () -- C:\Users\Schaka\Desktop\BILD0282.JPG [2011.12.05 21:27:12 | 000,007,317 | ---- | C] () -- C:\Users\Schaka\Desktop\Neue Nachricht von Mar Rine!.eml [2011.12.05 21:24:18 | 000,164,551 | ---- | C] () -- C:\Users\Schaka\Desktop\Whng.Überg.Protokoll2.jpg [2011.12.05 21:24:16 | 000,187,929 | ---- | C] () -- C:\Users\Schaka\Desktop\Whng.Überg.Protokoll1.jpg [2011.12.05 21:21:30 | 000,491,356 | ---- | C] () -- C:\Users\Schaka\Desktop\Flözstr. 
6, Wohnungs-Übernahmeprotokoll.eml [2011.06.26 17:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Schaka\AppData\Local\{E3C6840F-6AA1-4EBD-9015-702D46845B43} [2011.04.21 15:54:47 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat [2011.04.21 13:47:43 | 000,000,176 | ---- | C] () -- C:\ProgramData\~32562952 [2011.04.21 13:47:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~32562952r [2011.04.21 13:47:34 | 000,000,336 | ---- | C] () -- C:\ProgramData\32562952 [2011.01.12 16:21:46 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2011.01.12 16:21:45 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini [2011.01.12 16:21:41 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI [2010.06.13 13:21:41 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2010.06.13 13:21:41 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.06.13 13:21:41 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2010.03.01 01:35:17 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.03.01 01:35:17 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.03.01 01:35:13 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2010.03.01 01:35:12 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2010.03.01 01:35:12 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2010.03.01 01:35:12 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini [2009.12.11 22:35:27 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.11.17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.11.06 17:56:22 | 000,000,454 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2009.11.01 21:29:55 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009.11.01 21:25:52 | 000,684,954 | ---- | C] () -- C:\Windows\System32\perfh00C.dat [2009.11.01 21:25:52 | 000,344,522 | ---- | C] () -- 
C:\Windows\System32\perfi00C.dat [2009.11.01 21:25:52 | 000,127,070 | ---- | C] () -- C:\Windows\System32\perfc00C.dat [2009.11.01 21:25:52 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat [2009.09.23 18:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin [2009.07.14 09:47:43 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,314,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll ========== LOP Check ========== [2011.12.19 20:52:31 | 000,000,000 | ---D | M] -- 
C:\Users\Schaka\AppData\Roaming\foobar2000 [2011.01.12 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Foxit Software [2012.01.02 14:09:05 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\ICQ [2009.11.01 21:44:09 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\IrfanView [2009.11.14 22:08:28 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\OpenOffice.org [2011.04.21 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Panda Security [2011.04.21 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Reviversoft [2012.01.01 01:44:27 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Simply Super Software [2010.06.30 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Thunderbird [2011.09.17 09:29:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.11.07 19:11:44 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Adobe [2011.12.06 18:49:24 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\dvdcss [2011.12.19 20:52:31 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\foobar2000 [2011.01.12 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Foxit Software [2012.01.02 14:09:05 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\ICQ [2009.11.01 19:37:56 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Identities [2010.03.01 01:34:44 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\InstallShield [2009.11.01 21:44:09 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\IrfanView [2009.11.01 21:50:44 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Macromedia [2011.04.21 16:26:28 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Malwarebytes [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Media Center Programs [2011.04.21 15:39:12 | 000,000,000 | --SD | M] -- C:\Users\Schaka\AppData\Roaming\Microsoft [2011.01.12 16:18:11 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Microsoft Web Folders [2011.01.12 16:20:07 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\MiKTeX [2009.11.01 21:41:24 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Mozilla [2009.11.14 22:08:28 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\OpenOffice.org [2011.04.21 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Panda Security [2011.04.21 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Reviversoft [2012.01.01 01:44:27 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Simply Super Software [2011.12.30 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Skype [2011.12.30 22:07:07 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\skypePM [2010.06.30 15:16:59 | 
000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Thunderbird [2011.12.06 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\vlc [2009.11.06 17:55:20 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.11.12 09:14:39 | 000,003,638 | R--- | M] () -- C:\Users\Schaka\AppData\Roaming\Microsoft\Installer\{E06F91DB-9DA5-41F9-9941-6B0802236A44}\_2cd672ae.exe [2009.11.12 09:14:39 | 000,003,638 | R--- | M] () -- C:\Users\Schaka\AppData\Roaming\Microsoft\Installer\{E06F91DB-9DA5-41F9-9941-6B0802236A44}\_4ae13d6c.exe [2010.10.02 20:06:49 | 001,288,704 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-taskbar-icon.exe [2010.10.02 20:06:49 | 001,288,704 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update.exe [2010.10.02 20:06:51 | 001,288,704 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update_admin.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 
000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 869 bytes -> C:\Users\Schaka\Desktop\Neue Nachricht von Mar Rine!.eml:OECustomProperty
@Alternate Data Stream - 1333 bytes -> C:\Users\Schaka\Desktop\Flözstr. 6, Wohnungs-Übernahmeprotokoll.eml:OECustomProperty
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
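The `< MD5 for: ... >` blocks at the end of this OTL log are an integrity check on a fixed set of system files that rootkits of this period commonly patched in place (atapi.sys, iaStorV.sys, nvstor.sys, user32.dll, userinit.exe, winlogon.exe and so on): the hash of the live copy under System32 is listed next to the hashes of every reference copy Windows keeps in winsxs, the DriverStore and the ERDNT cache, and the helper reads the block looking for a live copy whose hash matches none of them. In the log above every live copy does match a reference copy. The script below is an added example, not part of OTL or of the posted logs; it performs that comparison mechanically over OTL-format text, whether the entries are one per line as OTL writes them or run together as they were extracted here. The sample input is constructed in the log's format: the clean sample repeats the five atapi.sys entries from the post, and the tampered sample alters the System32 copy's hash to show the detection path (that hash is invented, not from any real file).

```python
"""Triage helper for the '< MD5 for: ... >' sections of an OTL log.

Added example for this thread, not part of OTL or of the posted logs. For each
section, the copy Windows actually loads (under System32, outside the
DriverStore) is compared against every reference copy in the same section
(winsxs component store, DriverStore, ERDNT cache, SoftwareDistribution). A
live copy whose hash matches no reference copy is what a helper scans these
sections for by eye.
"""
import re

SECTION_RE = re.compile(r"<\s*MD5 for:\s*([^>]+?)\s*>")
# One OTL entry: [date time | size | attrs | M] (vendor) MD5=hash -- path
# The path runs to the next entry, the next '<' header or the end of line, so
# the regex copes with both one-entry-per-line and flattened text.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[^|\]]*) \| (?P<kind>[A-Z])\] \((?P<vendor>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)(?=\s+\[\d{4}\.|\s*<|\s*$)",
    re.MULTILINE,
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry dicts]} for every '< MD5 for: NAME >' block."""
    parts = SECTION_RE.split(text)  # [preamble, name1, body1, name2, body2, ...]
    sections = {}
    for i in range(1, len(parts) - 1, 2):
        name, body = parts[i].upper(), parts[i + 1]
        sections[name] = [m.groupdict() for m in ENTRY_RE.finditer(body)]
    return sections


def is_live_copy(path):
    """The copy Windows loads: under System32 but not inside the DriverStore."""
    p = path.lower()
    return "\\windows\\system32\\" in p and "\\driverstore\\" not in p


def find_mismatches(sections):
    """Live copies whose MD5 matches no reference copy.

    Returns {FILENAME: [(path, MD5, reason), ...]}; an empty dict means every
    live copy in the log matches at least one reference copy.
    """
    findings = {}
    for name, entries in sections.items():
        ref_entries = [e for e in entries if not is_live_copy(e["path"])]
        ref_hashes = {e["md5"].upper() for e in ref_entries}
        for e in entries:
            if not is_live_copy(e["path"]):
                continue
            md5 = e["md5"].upper()
            if not ref_entries:
                reason = "no reference copy to compare against"
            elif md5 not in ref_hashes:
                reason = "matches none of %d reference copies" % len(ref_entries)
            else:
                continue
            findings.setdefault(name, []).append((e["path"], md5, reason))
    return findings


# Constructed sample in the posted log's format: the five atapi.sys copies from
# the thread, all with the same hash, so this section is clean.
SAMPLE_CLEAN = r"""
< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
"""

# Constructed to exercise the detection path (NOT from the posted log): the
# live System32 copy is given an invented hash that no reference copy carries.
SAMPLE_TAMPERED = SAMPLE_CLEAN.replace(
    "MD5=338C86357871C167A96AB976519BF59E -- C:\\Windows\\System32\\drivers\\atapi.sys",
    "MD5=0123456789ABCDEF0123456789ABCDEF -- C:\\Windows\\System32\\drivers\\atapi.sys",
)

if __name__ == "__main__":
    for label, text in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        bad = find_mismatches(parse_md5_sections(text))
        print("%-8s -> %s" % (label, "no mismatches" if not bad else bad))
```

A match only says that the file, as read through the filesystem, is the one Windows shipped. A kernel-mode rootkit that intercepts disk I/O can hand the original bytes to any user-mode hash check, which is why the thread goes on to a dedicated rootkit scanner rather than stopping at a clean MD5 block.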
#8
/// Winkelfunktion /// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)

Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
[2011.12.29 16:40:38 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-1.xml
[2010.07.22 12:00:06 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-2.xml
[2010.07.25 10:42:16 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-3.xml
[2010.09.20 22:32:39 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-4.xml
[2010.10.21 07:38:00 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-5.xml
[2010.10.31 11:51:28 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-6.xml
[2010.12.12 16:46:57 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-7.xml
[2011.01.12 15:55:20 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-8.xml
[2010.07.14 18:13:21 | 000,001,069 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin.xml
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = http://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
[2011.04.21 13:47:43 | 000,000,176 | ---- | C] () -- C:\ProgramData\~32562952
[2011.04.21 13:47:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~32562952r
[2011.04.21 13:47:34 | 000,000,336 | ---- | C] () -- C:\ProgramData\32562952
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Commands
[emptytemp]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are, as a safety measure, not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: the script above was created for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
#9

Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
C:\ProgramData\~32562952 moved successfully.
C:\ProgramData\~32562952r moved successfully.
C:\ProgramData\32562952 moved successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Schaka
->Temp folder emptied: 4681146 bytes
->Temporary Internet Files folder emptied: 22459987 bytes
->Java cache emptied: 1686081 bytes
->FireFox cache emptied: 221401322 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 39641 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533469 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 900722 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 241,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01072012_151253
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
BIG THANKS!!!
#10
/// Winkelfunktion /// TB-Süch-Tiger™

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below: click on "change parameters" and set the checkmarks as shown in the following screenshot, then click "Start Scan", and when it is finished click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs. Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

[Screenshot: TDSS-Killer "change parameters" settings]

If, because of the infection, you cannot access your Documents/My Files, or shortcuts on the Desktop or in the Start Menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your Desktop. Start the tool and all files and folders should become visible again. (It may take a while.)
__________________
Please always post logfiles in CODE tags
#11

Code:
16:32:36.0576 2868 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:32:36.0719 2868 ============================================================
16:32:36.0719 2868 Current date / time: 2012/01/07 16:32:36.0719
16:32:36.0719 2868 SystemInfo:
16:32:36.0719 2868
16:32:36.0719 2868 OS Version: 6.1.7600 ServicePack: 0.0
16:32:36.0719 2868 Product type: Workstation
16:32:36.0719 2868 ComputerName: SCHAKA-PC
16:32:36.0719 2868 UserName: Schaka
16:32:36.0719 2868 Windows directory: C:\Windows
16:32:36.0719 2868 System windows directory: C:\Windows
16:32:36.0719 2868 Processor architecture: Intel x86
16:32:36.0719 2868 Number of processors: 2
16:32:36.0719 2868 Page size: 0x1000
16:32:36.0719 2868 Boot type: Normal boot
16:32:36.0719 2868 ============================================================
16:32:38.0305 2868 Initialize success
16:34:33.0521 3856 ============================================================
16:34:33.0521 3856 Scan started
16:34:33.0521 3856 Mode: Manual; SigCheck; TDLFS;
16:34:33.0521 3856 ============================================================
16:34:34.0969 3856 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:34:35.0144 3856 1394ohci - ok
16:34:35.0201 3856 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:34:35.0233 3856 ACPI - ok
16:34:35.0276 3856 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:34:35.0369 3856 AcpiPmi - ok
16:34:35.0428 3856 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:34:35.0465 3856 adp94xx - ok
16:34:35.0500 3856 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:34:35.0534 3856 adpahci - ok
16:34:35.0575 3856 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:34:35.0601 3856 adpu320 - ok
16:34:35.0690 3856 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
16:34:35.0770 3856 AFD - ok
16:34:35.0814 3856 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:34:35.0836 3856 agp440 - ok
16:34:35.0881 3856 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:34:35.0903 3856 aic78xx - ok
16:34:35.0961 3856 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:34:35.0982 3856 aliide - ok
16:34:36.0015 3856 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:34:36.0037 3856 amdagp - ok
16:34:36.0063 3856 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:34:36.0083 3856 amdide - ok
16:34:36.0127 3856 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:34:36.0174 3856 AmdK8 - ok
16:34:36.0209 3856 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:34:36.0270 3856 AmdPPM - ok
16:34:36.0335 3856 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
16:34:36.0359 3856 amdsata - ok
16:34:36.0526 3856 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:34:36.0553 3856 amdsbs - ok
16:34:36.0585 3856 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
16:34:36.0606 3856 amdxata - ok
16:34:36.0646 3856 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:34:36.0743 3856 AppID - ok
16:34:36.0815 3856 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:34:36.0838 3856 arc - ok
16:34:36.0860 3856 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:34:36.0884 3856 arcsas - ok
16:34:36.0929 3856 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:34:37.0079 3856 AsyncMac - ok
16:34:37.0102 3856 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:34:37.0122 3856 atapi - ok
16:34:37.0217 3856 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:34:37.0283 3856 b06bdrv - ok
16:34:37.0325 3856 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:34:37.0386 3856 b57nd60x - ok
16:34:37.0436 3856 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:34:37.0501 3856 Beep - ok
16:34:37.0550 3856 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:34:37.0586 3856 blbdrive - ok
16:34:37.0627 3856 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
16:34:37.0676 3856 bowser - ok
16:34:37.0701 3856 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:34:37.0743 3856 BrFiltLo - ok
16:34:37.0774 3856 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:34:37.0843 3856 BrFiltUp - ok
16:34:37.0897 3856 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:34:37.0974 3856 Brserid - ok
16:34:38.0010 3856 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:34:38.0053 3856 BrSerWdm - ok
16:34:38.0085 3856 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:34:38.0136 3856 BrUsbMdm - ok
16:34:38.0150 3856 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:34:38.0192 3856 BrUsbSer - ok
16:34:38.0221 3856 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:34:38.0267 3856 BTHMODEM - ok
16:34:38.0441 3856 catchme - ok
16:34:38.0563 3856 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:34:38.0640 3856 cdfs - ok
16:34:38.0714 3856 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:34:38.0756 3856 cdrom - ok
16:34:38.0816 3856 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:34:38.0864 3856 circlass - ok
16:34:38.0903 3856 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:34:38.0933 3856 CLFS - ok
16:34:38.0973 3856 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:34:39.0012 3856 CmBatt - ok
16:34:39.0038 3856 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:34:39.0058 3856 cmdide - ok
16:34:39.0098 3856 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
16:34:39.0142 3856 CNG - ok
16:34:39.0186 3856 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:34:39.0207 3856 Compbatt - ok
16:34:39.0245 3856 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:34:39.0292 3856 CompositeBus - ok
16:34:39.0342 3856 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:34:39.0363 3856 crcdisk - ok
16:34:39.0419 3856 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
16:34:39.0481 3856 CSC - ok
16:34:39.0537 3856 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
16:34:39.0591 3856 CVirtA - ok
16:34:39.0689 3856 CVPNDRVA (c23025ac5ae45a105d63bd6e2408edd4) C:\Windows\system32\Drivers\CVPNDRVA.sys
16:34:39.0720 3856 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
16:34:39.0720 3856 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
16:34:39.0782 3856 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
16:34:39.0855 3856 DfsC - ok
16:34:39.0893 3856 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:34:39.0967 3856 discache - ok
16:34:40.0015 3856 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:34:40.0037 3856 Disk - ok
16:34:40.0097 3856 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
16:34:40.0118 3856 DNE - ok
16:34:40.0175 3856 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:34:40.0226 3856 drmkaud - ok
16:34:40.0295 3856 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
16:34:40.0359 3856 DXGKrnl - ok
16:34:40.0405 3856 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:34:40.0447 3856 E1G60 - ok
16:34:40.0605 3856 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:34:40.0787 3856 ebdrv - ok
16:34:40.0839 3856 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:34:40.0878 3856 elxstor - ok
16:34:40.0910 3856 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
16:34:40.0948 3856 ErrDev - ok
16:34:40.0993 3856 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:34:41.0057 3856 exfat - ok
16:34:41.0080 3856 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:34:41.0149 3856 fastfat - ok
16:34:41.0184 3856 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:34:41.0220 3856 fdc - ok
16:34:41.0261 3856 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:34:41.0283 3856 FileInfo - ok
16:34:41.0306 3856 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:34:41.0390 3856 Filetrace - ok
16:34:41.0429 3856 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:34:41.0464 3856 flpydisk - ok
16:34:41.0500 3856 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:34:41.0529 3856 FltMgr - ok
16:34:41.0559 3856 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:34:41.0581 3856 FsDepends - ok
16:34:41.0605 3856 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
16:34:41.0626 3856 Fs_Rec - ok
16:34:41.0682 3856 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
16:34:41.0714 3856 fvevol - ok
16:34:41.0744 3856 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:34:41.0767 3856 gagp30kx - ok
16:34:41.0859 3856 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:34:41.0919 3856 hcw85cir - ok
16:34:41.0985 3856 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
16:34:42.0042 3856 HdAudAddService - ok
16:34:42.0083 3856 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:34:42.0131 3856 HDAudBus - ok
16:34:42.0166 3856 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:34:42.0206 3856 HidBatt - ok
16:34:42.0239 3856 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:34:42.0282 3856 HidBth - ok
16:34:42.0321 3856 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:34:42.0368 3856 HidIr - ok
16:34:42.0419 3856 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
16:34:42.0497 3856 HidUsb - ok
16:34:42.0541 3856 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:34:42.0564 3856 HpSAMD - ok
16:34:42.0622 3856 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
16:34:42.0708 3856 HTTP - ok
16:34:42.0733 3856 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
16:34:42.0754 3856 hwpolicy - ok
16:34:42.0784 3856 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
16:34:42.0812 3856 i8042prt - ok
16:34:42.0884 3856 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
16:34:42.0917 3856 iaStorV - ok
16:34:43.0148 3856 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:34:43.0427 3856 igfx - ok
16:34:43.0518 3856 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:34:43.0539 3856 iirsp - ok
16:34:43.0586 3856 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
16:34:43.0616 3856 intelide - ok
16:34:43.0665 3856 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:34:43.0717 3856 intelppm - ok
16:34:43.0752 3856 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:34:43.0836 3856 IpFilterDriver - ok
16:34:43.0890 3856 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:34:43.0925 3856 IPMIDRV - ok
16:34:43.0950 3856 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:34:44.0011 3856 IPNAT - ok
16:34:44.0048 3856 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:34:44.0114 3856 IRENUM - ok
16:34:44.0145 3856 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
16:34:44.0167 3856 isapnp - ok
16:34:44.0219 3856 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
16:34:44.0271 3856 iScsiPrt - ok
16:34:44.0310 3856 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:34:44.0332 3856 kbdclass - ok
16:34:44.0376 3856 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
16:34:44.0419 3856 kbdhid - ok
16:34:44.0449 3856 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
16:34:44.0472 3856 KSecDD - ok
16:34:44.0526 3856 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
16:34:44.0552 3856 KSecPkg - ok
16:34:44.0607 3856 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:34:44.0665 3856 lltdio - ok
16:34:44.0717 3856 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:34:44.0742 3856 LSI_FC - ok
16:34:44.0774 3856 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:34:44.0800 3856 LSI_SAS - ok
16:34:44.0835 3856 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:34:44.0858 3856 LSI_SAS2 - ok
16:34:44.0884 3856 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:34:44.0908 3856 LSI_SCSI - ok
16:34:44.0961 3856 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:34:45.0032 3856 luafv - ok
16:34:45.0087 3856 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
16:34:45.0174 3856 MBAMProtector - ok
16:34:45.0206 3856 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:34:45.0228 3856 megasas - ok
16:34:45.0276 3856 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:34:45.0310 3856 MegaSR - ok
16:34:45.0341 3856 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:34:45.0395 3856 Modem - ok
16:34:45.0433 3856 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:34:45.0476 3856 monitor - ok
16:34:45.0521 3856 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:34:45.0542 3856 mouclass - ok
16:34:45.0568 3856 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:34:45.0593 3856 mouhid - ok
16:34:45.0618 3856 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
16:34:45.0640 3856 mountmgr - ok
16:34:45.0674 3856 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
16:34:45.0699 3856 mpio - ok
16:34:45.0724 3856 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:34:45.0896 3856 mpsdrv - ok
16:34:45.0931 3856 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
16:34:46.0000 3856 MRxDAV - ok
16:34:46.0052 3856 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:34:46.0122 3856 mrxsmb - ok
16:34:46.0174 3856 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:34:46.0216 3856 mrxsmb10 - ok
16:34:46.0251 3856 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:34:46.0278 3856 mrxsmb20 - ok
16:34:46.0321 3856 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
16:34:46.0342 3856 msahci - ok
16:34:46.0379 3856 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
16:34:46.0404 3856 msdsm - ok
16:34:46.0438 3856 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:34:46.0493 3856 Msfs - ok
16:34:46.0513 3856 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:34:46.0595 3856 mshidkmdf - ok
16:34:46.0701 3856 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
16:34:46.0722 3856 msisadrv - ok
16:34:46.0774 3856 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:34:46.0837 3856 MSKSSRV - ok
16:34:46.0862 3856 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:34:46.0930 3856 MSPCLOCK - ok
16:34:46.0955 3856 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:34:47.0027 3856 MSPQM - ok
16:34:47.0070 3856 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:34:47.0096 3856 MsRPC - ok
16:34:47.0128 3856 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
16:34:47.0148 3856 mssmbios - ok
16:34:47.0180 3856 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:34:47.0241 3856 MSTEE - ok
16:34:47.0273 3856 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:34:47.0308 3856 MTConfig - ok
16:34:47.0340 3856 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:34:47.0362 3856 Mup - ok
16:34:47.0415 3856 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:34:47.0468 3856 NativeWifiP - ok
16:34:47.0539 3856 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
16:34:47.0608 3856 NDIS - ok
16:34:47.0653 3856 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:34:47.0749 3856 NdisCap - ok
16:34:47.0804 3856 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:34:47.0865 3856 NdisTapi - ok
16:34:47.0898 3856 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
16:34:47.0952 3856 Ndisuio - ok
16:34:47.0980 3856 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
16:34:48.0061 3856 NdisWan - ok
16:34:48.0096 3856 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
16:34:48.0151 3856 NDProxy - ok
16:34:48.0194 3856 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:34:48.0266 3856 NetBIOS - ok
16:34:48.0300 3856 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
16:34:48.0365 3856 NetBT - ok
16:34:48.0567 3856 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
16:34:48.0810 3856 netw5v32 - ok
16:34:48.0872 3856 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:34:48.0894 3856 nfrd960 - ok
16:34:48.0978 3856 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys
16:34:49.0048 3856 nmwcd - ok
16:34:49.0099 3856 nmwcdc (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys
16:34:49.0153 3856 nmwcdc - ok
16:34:49.0200 3856 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:34:49.0267 3856 Npfs - ok
16:34:49.0292 3856 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:34:49.0357 3856 nsiproxy - ok
16:34:49.0451 3856 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
16:34:49.0539 3856 Ntfs - ok
16:34:49.0563 3856 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:34:49.0648 3856 Null - ok
16:34:49.0701 3856 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
16:34:49.0725 3856 nvraid - ok
16:34:49.0784 3856 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
16:34:49.0810 3856 nvstor - ok
16:34:49.0848 3856 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
16:34:49.0874 3856 nv_agp - ok
16:34:49.0901 3856 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
16:34:49.0940 3856 ohci1394 - ok
16:34:49.0979 3856 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:34:50.0018 3856 Parport - ok
16:34:50.0051 3856 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
16:34:50.0080 3856 partmgr - ok
16:34:50.0101 3856 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:34:50.0148 3856 Parvdm - ok
16:34:50.0182 3856 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
16:34:50.0208 3856 pci - ok
16:34:50.0239 3856 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
16:34:50.0260 3856 pciide - ok
16:34:50.0297 3856 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:34:50.0324 3856 pcmcia - ok
16:34:50.0361 3856 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:34:50.0384 3856 pcw - ok
16:34:50.0423 3856 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:34:50.0497 3856 PEAUTH - ok
16:34:50.0553 3856 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:34:50.0628 3856 PptpMiniport - ok
16:34:50.0655 3856 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:34:50.0700 3856 Processor - ok
16:34:50.0759 3856 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:34:50.0829 3856 Psched - ok
16:34:50.0916 3856 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:34:51.0021 3856 ql2300 - ok
16:34:51.0050 3856 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:34:51.0083 3856 ql40xx - ok
16:34:51.0120 3856 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:34:51.0155 3856 QWAVEdrv - ok
16:34:51.0187 3856 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:34:51.0264 3856 RasAcd - ok
16:34:51.0390 3856 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:34:51.0446 3856 RasAgileVpn - ok
16:34:51.0490 3856 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:34:51.0583 3856 Rasl2tp - ok
16:34:51.0634 3856 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:34:51.0710 3856 RasPppoe - ok
16:34:51.0741 3856 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:34:51.0804 3856 RasSstp - ok
16:34:51.0833 3856 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
16:34:51.0917 3856 rdbss - ok
16:34:51.0948 3856 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:34:51.0977 3856 rdpbus - ok
16:34:52.0005 3856 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:34:52.0071 3856 RDPCDD - ok
16:34:52.0099 3856 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
16:34:52.0158 3856 RDPDR - ok
16:34:52.0202 3856 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:34:52.0260 3856 RDPENCDD - ok
16:34:52.0285 3856 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:34:52.0349 3856 RDPREFMP - ok
16:34:52.0390 3856 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
16:34:52.0450 3856 RDPWD - ok
16:34:52.0501 3856 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
16:34:52.0528 3856 rdyboost - ok
16:34:52.0585 3856 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\Windows\system32\DRIVERS\rimmptsk.sys
16:34:52.0629 3856 rimmptsk - ok
16:34:52.0661 3856 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\Windows\system32\DRIVERS\rimsptsk.sys
16:34:52.0700 3856 rimsptsk - ok
16:34:52.0737 3856 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
16:34:52.0778 3856 rismxdp - ok
16:34:52.0848 3856 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:34:52.0915 3856 rspndr - ok
16:34:52.0945 3856 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
16:34:52.0998 3856 s3cap - ok
16:34:53.0054 3856 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
16:34:53.0078 3856 sbp2port - ok
16:34:53.0117 3856 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
16:34:53.0187 3856 scfilter - ok
16:34:53.0268 3856 SCR33x USB Smart Card Reader (b0d9345b70c12e80738d72ce794bf616) C:\Windows\system32\DRIVERS\SCR33X2K.sys
16:34:53.0278 3856 SCR33x USB Smart Card Reader ( UnsignedFile.Multi.Generic ) - warning
16:34:53.0278 3856 SCR33x USB Smart Card Reader - detected UnsignedFile.Multi.Generic (1)
16:34:53.0318 3856 SCR3XX2K (b590c6b740a85130e88d35d007691eb4) C:\Windows\system32\DRIVERS\SCR3XX2K.sys
16:34:53.0374 3856 SCR3XX2K - ok
16:34:53.0438 3856 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\drivers\sdbus.sys
16:34:53.0489 3856 sdbus - ok
16:34:53.0546 3856 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:34:53.0616 3856 secdrv - ok
16:34:53.0675 3856 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:34:53.0721 3856 Serenum - ok
16:34:53.0779 3856 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:34:53.0809 3856 Serial - ok
16:34:53.0836 3856 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:34:53.0886 3856 sermouse - ok
16:34:53.0938 3856 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
16:34:53.0981 3856 sffdisk - ok
16:34:54.0012 3856 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:34:54.0048 3856 sffp_mmc - ok
16:34:54.0083 3856 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:34:54.0125 3856 sffp_sd - ok
16:34:54.0165 3856 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:34:54.0207 3856 sfloppy - ok
16:34:54.0263 3856 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
16:34:54.0285 3856 sisagp - ok
16:34:54.0342 3856 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:34:54.0364 3856 SiSRaid2 - ok
16:34:54.0395 3856 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:34:54.0419 3856 SiSRaid4 - ok
16:34:54.0448 3856 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:34:54.0520 3856 Smb - ok
16:34:54.0654 3856 SNP2UVC (d79fe8ff4c1a11cd650a8bbeac62be9f) C:\Windows\system32\DRIVERS\snp2uvc.sys
16:34:54.0793 3856 SNP2UVC - ok
16:34:54.0826 3856 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:34:54.0847 3856 spldr - ok
16:34:54.0932 3856 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
16:34:55.0006 3856 srv - ok
16:34:55.0070 3856 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
16:34:55.0137 3856 srv2 - ok
16:34:55.0192 3856 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:34:55.0238 3856 SrvHsfHDA - ok
16:34:55.0297 3856 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:34:55.0378 3856 SrvHsfV92 - ok
16:34:55.0422 3856 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
16:34:55.0480 3856 SrvHsfWinac - ok
16:34:55.0524 3856 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
16:34:55.0563 3856 srvnet - ok
16:34:55.0648 3856 STC2DFU (594898b175b8b7d2897a71227d4bbda1) C:\Windows\system32\DRIVERS\Stc2Dfu.SYS
16:34:55.0655 3856 STC2DFU ( UnsignedFile.Multi.Generic ) - warning
16:34:55.0655 3856 STC2DFU - detected UnsignedFile.Multi.Generic (1)
16:34:55.0696 3856 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:34:55.0718 3856 stexstor - ok
16:34:55.0765 3856 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
16:34:55.0787 3856 storflt - ok
16:34:55.0823 3856 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
16:34:55.0844 3856 storvsc - ok
16:34:55.0873 3856 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
16:34:55.0894 3856 swenum - ok
16:34:55.0988 3856 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
16:34:56.0081 3856 Tcpip - ok
16:34:56.0156 3856 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
16:34:56.0216 3856 TCPIP6 - ok
16:34:56.0249 3856 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
16:34:56.0319 3856 tcpipreg - ok
16:34:56.0350 3856 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
16:34:56.0417 3856 TDPIPE - ok
16:34:56.0443 3856 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
16:34:56.0512 3856 TDTCP - ok
16:34:56.0543 3856 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
16:34:56.0613 3856 tdx - ok
16:34:56.0646 3856 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
16:34:56.0668 3856 TermDD - ok
16:34:56.0730 3856 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:34:56.0797 3856 tssecsrv - ok
16:34:56.0861 3856 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
16:34:56.0933 3856 tunnel - ok
16:34:56.0967 3856 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:34:56.0989 3856 uagp35 - ok
16:34:57.0024 3856 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
16:34:57.0085 3856 udfs - ok
16:34:57.0130 3856 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:34:57.0153 3856 uliagpkx - ok
16:34:57.0198 3856 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
16:34:57.0250 3856 umbus - ok
16:34:57.0274 3856 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:34:57.0322 3856 UmPass - ok
16:34:57.0394 3856 upperdev (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
16:34:57.0472 3856 upperdev - ok
16:34:57.0520 3856 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
16:34:57.0578 3856 usbccgp - ok
16:34:57.0647 3856 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
16:34:57.0678 3856 usbcir - ok
16:34:57.0717 3856 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
16:34:57.0741 3856 usbehci - ok
16:34:57.0783 3856 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
16:34:57.0814 3856 usbhub - ok
16:34:57.0841 3856 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
16:34:57.0882 3856 usbohci - ok
16:34:57.0936 3856 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:34:57.0983 3856 usbprint - ok
16:34:58.0022 3856 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
16:34:58.0076 3856 usbscan - ok
16:34:58.0150 3856 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys
16:34:58.0190 3856 usbser - ok
16:34:58.0226 3856 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
16:34:58.0284 3856 UsbserFilt - ok
16:34:58.0332 3856 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
16:34:58.0385 3856 USBSTOR - ok
16:34:58.0412 3856 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
16:34:58.0454 3856 usbuhci - ok
16:34:58.0523 3856 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
16:34:58.0587 3856 usbvideo - ok
16:34:58.0641 3856 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:34:58.0662 3856 vdrvroot - ok
16:34:58.0700 3856 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:34:58.0751 3856 vga - ok
16:34:58.0783 3856 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:34:58.0837 3856 VgaSave - ok
16:34:58.0874 3856 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
16:34:58.0900 3856 vhdmp - ok
16:34:58.0943 3856 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
16:34:58.0965 3856 viaagp - ok
16:34:58.0982 3856 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:34:59.0024 3856 ViaC7 - ok
16:34:59.0058 3856 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
16:34:59.0078 3856 viaide - ok
16:34:59.0109 3856 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
16:34:59.0136 3856 vmbus - ok
16:34:59.0161 3856 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
16:34:59.0185 3856 VMBusHID - ok
16:34:59.0221 3856 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
16:34:59.0244 3856 volmgr - ok
16:34:59.0272 3856 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:34:59.0303 3856 volmgrx - ok
16:34:59.0340 3856 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
16:34:59.0370 3856 volsnap - ok
16:34:59.0479 3856 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:34:59.0504 3856 vsmraid - ok
16:34:59.0535 3856 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:34:59.0582 3856 vwifibus - ok
16:34:59.0615 3856 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:34:59.0640 3856 WacomPen - ok
16:34:59.0693 3856 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:34:59.0762 3856 WANARP - ok
16:34:59.0769 3856 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:34:59.0823 3856 Wanarpv6 - ok
16:34:59.0879 3856 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:34:59.0899 3856 Wd - ok
16:34:59.0939 3856 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:34:59.0983 3856 Wdf01000 - ok
16:35:00.0042 3856 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:35:00.0112 3856 WfpLwf - ok
16:35:00.0143 3856 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:35:00.0164 3856 WIMMount - ok
16:35:00.0229 3856 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
16:35:00.0292 3856 winbondcir - ok
16:35:00.0384 3856 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
16:35:00.0413 3856 WinUsb - ok
16:35:00.0436 3856 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:35:00.0477 3856 WmiAcpi - ok
16:35:00.0539 3856 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:35:00.0603 3856 ws2ifsl - ok
16:35:00.0640 3856 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
16:35:00.0712 3856 WudfPf - ok
16:35:00.0754 3856 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:35:00.0826 3856 WUDFRd - ok
16:35:00.0883 3856 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:35:01.0063 3856 \Device\Harddisk0\DR0 - ok
16:35:01.0065 3856 Boot (0x1200) (71b98b2431301845f5704a4e2724ac3f) \Device\Harddisk0\DR0\Partition0
16:35:01.0067 3856 \Device\Harddisk0\DR0\Partition0 - ok
16:35:01.0086 3856 Boot (0x1200) (d909d782afcce2c00f08dd4198967ffa) \Device\Harddisk0\DR0\Partition1
16:35:01.0088 3856 \Device\Harddisk0\DR0\Partition1 - ok
16:35:01.0089 3856 ============================================================
16:35:01.0089 3856 Scan finished
16:35:01.0089 3856 ============================================================
16:35:01.0116 3624 Detected object count: 3
16:35:01.0116 3624 Actual detected object count: 3
16:35:07.0587 3624 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:07.0587 3624 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:07.0587 3624 SCR33x USB Smart Card Reader ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:07.0587 3624 SCR33x USB Smart Card Reader ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:07.0588 3624 STC2DFU ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:07.0588 3624 STC2DFU ( UnsignedFile.Multi.Generic ) - User select action: Skip
#12
/// Winkelfunktion /// TB-Süch-Tiger™

Ok. Please now create logs with GMER and OSAM and post them. GMER crashes quite often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm on OSAM! Please download

Important: Do not under any circumstances press any of the Fix buttons without instructions. Note: Should the Scan button be hidden, close the tool and start it again. Should the scan abort and the program crash, let me know and choose the setting (none) under AV Scan.

__________________
Please always post logfiles in CODE tags
#13

GMER unfortunately did not work.

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 02:29:34 on 10.01.2012
OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Schaka\AppData\Local\Temp\catchme.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"SCR33x USB Smart Card Reader" (SCR33x USB Smart Card Reader) - "SCM Microsystems Inc." - C:\Windows\System32\DRIVERS\SCR33X2K.sys
"STCII DFU Adapter" (STC2DFU) - "SCM Microsystems Inc." - C:\Windows\System32\DRIVERS\Stc2Dfu.SYS
"uwdiqpow" (uwdiqpow) - "GMER" - C:\uwdiqpow.sys (Hidden registry entry, rootkit activity)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C080DC3F-9095-4E4B-95E6-D67D077130E8} "IconsHandlerNano Class" - ? - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL (File not found)
{59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Binder Unbind" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\1031\UNBIND.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{80AEF606-7FFA-4EF6-86C4-0B86FEF4E0CD} "SimpleShlExt extension" - ? - (File not found | COM-object registry key not found)
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TrojanScanner" - "Simply Super Software" - C:\Program Files\Trojan Remover\Trjscan.exe /boot

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\Malwarebytes' Anti-Malware\mbamservice.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-10 02:32:16
-----------------------------
02:32:16.288 OS Version: Windows 6.1.7600
02:32:16.289 Number of processors: 2 586 0xF0D
02:32:16.294 ComputerName: SCHAKA-PC UserName: Schaka
02:32:17.219 Initialize success
02:35:10.804 AVAST engine defs: 12010901
02:35:37.070 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
02:35:37.075 Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 11
02:35:37.122 Disk 0 MBR read successfully
02:35:37.127 Disk 0 MBR scan
02:35:37.152 Disk 0 Windows 7 default MBR code
02:35:37.159 Disk 0 Partition 1 00 12 Compaq diag NTFS 9993 MB offset 63
02:35:37.196 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71448 MB offset 20467712
02:35:37.224 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 67865 MB offset 166793216
02:35:37.256 Disk 0 Partition 4 00 12 Compaq diag NTFS 3319 MB offset 305780736
02:35:37.271 Disk 0 scanning sectors +312578048
02:35:37.324 Disk 0 scanning C:\Windows\system32\drivers
02:35:49.674 Service scanning
02:35:51.453 Modules scanning
02:36:03.567 Disk 0 trace - called modules:
02:36:03.604 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
02:36:03.617 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a48030]
02:36:03.629 3 CLASSPNP.SYS[88d8c59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85925030]
02:36:04.545 AVAST engine scan C:\Windows
02:36:06.424 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
02:36:08.297 AVAST engine scan C:\Windows\system32
02:38:31.074 AVAST engine scan C:\Windows\system32\drivers
02:38:43.506 AVAST engine scan C:\Users\Schaka
02:45:48.640 AVAST engine scan C:\ProgramData
02:46:34.883 Scan finished successfully
08:44:46.219 Disk 0 MBR has been saved successfully to "C:\Users\Schaka\Desktop\MBR.dat"
08:44:46.232 The log file has been saved successfully to "C:\Users\Schaka\Desktop\aswMBR.txt"
#14
/// Winkelfunktion /// TB-Süch-Tiger™ | For security reasons your Windows has been blocked! + Combofix!
Quote:
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Getting an additional opinion afterwards via ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________
Please always post log files in CODE tags
#15
For security reasons your Windows has been blocked! + Combofix!
Code:
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.08.02

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Schaka :: SCHAKA-PC [Administrator]

Schutz: Aktiviert

10.01.2012 18:00:56
mbam-log-2012-01-10 (18-00-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 316727
Laufzeit: 1 Stunde(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 01/10/2012 at 10:13 PM
Application Version : 5.0.1142
Core Rules Database Version : 8118
Trace Rules Database Version: 5930
Scan type : Complete Scan
Total Scan Time : 00:46:44
Operating System Information
Windows 7 Ultimate 32-bit (Build 6.01.7600)
UAC On - Administrator
Memory items scanned : 639
Memory threats detected : 0
Registry items scanned : 36890
Registry threats detected : 0
File items scanned : 49895
File threats detected : 116
Adware.Tracking Cookie
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@ad4.adfarm1.adition[1].txt [ /ad4.adfarm1.adition ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@adform[2].txt [ /adform ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@ads.creative-serving[2].txt [ /ads.creative-serving ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@adxpose[1].txt [ /adxpose ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@at.atwola[1].txt [ /at.atwola ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@content.yieldmanager[1].txt [ /content.yieldmanager ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@content.yieldmanager[3].txt [ /content.yieldmanager ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@imrworldwide[2].txt [ /imrworldwide ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@invitemedia[2].txt [ /invitemedia ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@media6degrees[2].txt [ /media6degrees ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@sevenoneintermedia.112.2o7[1].txt [ /sevenoneintermedia.112.2o7 ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@tacoda[1].txt [ /tacoda ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@track.adform[1].txt [ /track.adform ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@tracking.hannoversche[1].txt [ /tracking.hannoversche ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@tracking.quisma[2].txt [ /tracking.quisma ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@xm.xtendmedia[2].txt [ /xm.xtendmedia ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\MW071CC3.txt [ /ad.yieldmanager.com ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\MUB4YLDU.txt [ /adfarm1.adition.com ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\X303RQIU.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\MBEMF6SU.txt [ /specificclick.net ]
C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\GCLVHT1O.txt [ Cookie:schaka@2o7.net/ ]
C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\45YMD9ZD.txt [ Cookie:schaka@imrworldwide.com/cgi-bin ]
C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RQ3OS25Y.txt [ Cookie:schaka@adfarm1.adition.com/ ]
C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2NNZ3E2U.txt [ Cookie:schaka@urbia.wwe-media.de/ ]
C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\F2BLZ7WY.txt [ Cookie:schaka@ad.zanox.com/ ]
C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\D6Z5L6M2.txt [ Cookie:schaka@amazon-adsystem.com/ ]
C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RX5X3G5H.txt [ Cookie:schaka@de.sitestat.com/is24/is24/ ]
C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DT9HNCCB.txt [ Cookie:schaka@invitemedia.com/ ]
C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\schaka@ww251.smartadserver[2].txt [ Cookie:schaka@ww251.smartadserver.com/ ]
C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\U0I3H3QH.txt [ Cookie:schaka@zanox.com/ ]
C:\USERS\SCHAKA\Cookies\schaka@imrworldwide[2].txt [ Cookie:schaka@imrworldwide.com/cgi-bin ]
C:\USERS\SCHAKA\Cookies\MUB4YLDU.txt [ Cookie:schaka@adfarm1.adition.com/ ]
C:\USERS\SCHAKA\Cookies\schaka@content.yieldmanager[3].txt [ Cookie:schaka@content.yieldmanager.com/ak/ ]
C:\USERS\SCHAKA\Cookies\schaka@sevenoneintermedia.112.2o7[1].txt [ Cookie:schaka@sevenoneintermedia.112.2o7.net/ ]
C:\USERS\SCHAKA\Cookies\schaka@tracking.quisma[2].txt [ Cookie:schaka@tracking.quisma.com/ ]
C:\USERS\SCHAKA\Cookies\schaka@tracking.hannoversche[1].txt [ Cookie:schaka@tracking.hannoversche.de/ ]
C:\USERS\SCHAKA\Cookies\schaka@adxpose[1].txt [ Cookie:schaka@adxpose.com/ ]
C:\USERS\SCHAKA\Cookies\schaka@tacoda[1].txt [ Cookie:schaka@tacoda.net/ ]
C:\USERS\SCHAKA\Cookies\schaka@invitemedia[2].txt [ Cookie:schaka@invitemedia.com/ ]
C:\USERS\SCHAKA\Cookies\schaka@xm.xtendmedia[2].txt [ Cookie:schaka@xm.xtendmedia.com/ ]
C:\USERS\SCHAKA\Cookies\schaka@ad4.adfarm1.adition[1].txt [ Cookie:schaka@ad4.adfarm1.adition.com/ ]
C:\USERS\SCHAKA\Cookies\schaka@content.yieldmanager[1].txt [ Cookie:schaka@content.yieldmanager.com/ ]
C:\USERS\SCHAKA\Cookies\schaka@at.atwola[1].txt [ Cookie:schaka@at.atwola.com/ ]
C:\USERS\SCHAKA\Cookies\schaka@ad3.adfarm1.adition[1].txt [ Cookie:schaka@ad3.adfarm1.adition.com/ ]
C:\USERS\SCHAKA\Cookies\schaka@media6degrees[2].txt [ Cookie:schaka@media6degrees.com/ ]
a.media.abcfamily.go.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
a.media.community.abcfamily.go.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
ad.de.doubleclick.net [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
astatic.weborama.fr [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
broadcast.piximedia.fr [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
cdn1.eyewonder.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
ds.serving-sys.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
googleads.g.doubleclick.net [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
interclick.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
m.de.2mdn.net [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
media.jambocast.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
media.moblyng.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
media.mtvnservices.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
media.scanscout.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
pornoprinzen.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
pornotube.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
spe.atdmt.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]
D:\RAMONA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\RAMONA@AD.71I[1].TXT [ /AD.71I ]
.adfarm1.adition.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
adsrv.admediate.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
adsrv.admediate.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.tto2.traffictrack.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
cdn5.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
cdn5.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.de.at.atwola.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.meet-teens.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.meet-teens.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.meet-teens.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.meet-teens.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.msnportal.112.2o7.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.cgm.adbureau.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.cgm.adbureau.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.adbureau.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.adnet.de [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eaeacom.112.2o7.net [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad2.adfarm1.adition.com [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bbfd7d58a35769479cc052ebf4b26a20
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 10:36:24
# local_time=2012-01-02 11:36:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1538 16774142 20 3 13236915 154091221 0 0
# compatibility_mode=5893 16776573 100 94 3773 77169322 0 0
# compatibility_mode=8192 67108863 100 0 4544 4544 0 0
# scanned=163874
# found=3
# cleaned=0
# scan_time=5673
C:\Qoobox\Quarantine\C\Users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe.vir a variant of Win32/Kryptik.YHX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Schaka\Downloads\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Schaka\Downloads\SoftonicDownloader_fuer_adobe-flash-player.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bbfd7d58a35769479cc052ebf4b26a20
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-10 11:20:15
# local_time=2012-01-11 12:20:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 36128 77862664 0 0
# compatibility_mode=8192 67108863 100 0 697886 697886 0 0
# scanned=161624
# found=5
# cleaned=0
# scan_time=6247
C:\$RECYCLE.BIN\S-1-5-21-1172789165-356147891-2993760755-1000\$RBZ1J09.exe probably a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe.vir a variant of Win32/Kryptik.YNE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Schaka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45YJ47B6\youtubedownloaderToolbar[1].msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Schaka\Downloads\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Schaka\Downloads\SoftonicDownloader_fuer_adobe-flash-player.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I