Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Trojan.Ransom.Gen (Bundespolizei-Virus)
07.01.2012, 14:13   #1
Julia777

Trojan.Ransom.Gen (Bundespolizei-Virus)

Dear Trojaner-Board team!

Since yesterday evening I too have the Bundespolizei virus that has been posted about here so often. At the moment I am logged in through my second user account, because when I log in through my other user account I cannot do anything anymore. A message appears demanding that I pay 100 euros to be able to use my PC normally again.

I have already read a thing or two about this virus in this forum. So I have already run a full scan with Malwarebytes and removed the selected items.

The result is attached below.

It would be very kind if someone could help me get rid of this virus completely. I would be very grateful!

Best regards, Julia

I have one additional question. As antivirus I have Avira on my computer and update it every day. Now I don't understand why a virus still makes it onto my computer every now and then. Shouldn't this program prevent something like that from happening? Or is another program more efficient?

My scan:

Quote:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.07.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Privat :: CORINNA [Administrator]

07.01.2012 10:50:31
mbam-log-2012-01-07 (10-50-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 382070
Time elapsed: 2 hour(s), 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Uni\AppData\Local\temp\0.8826178515930484.exe (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.
C:\Users\Uni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\62e58bf0-57336428 (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.
C:\Users\Uni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.8826178515930484.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.

(end)
One of my old scans:
Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7914

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

10.10.2011 15:34:03
mbam-log-2011-10-10 (15-34-03).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 345237
Time elapsed: 1 hour(s), 23 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks in advance!!!
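The three detections in the Malwarebytes log above form one chain: a file in the Java deployment cache (the exploit that was delivered through the browser plugin), a randomly named executable dropped into the user's temp folder (the payload that shows the lock screen), and a shortcut to that executable in the per-user Startup folder (the persistence that brought the lock screen back at every logon of the infected account, which is also why the second account still worked). The Python script below is an added example, not part of the original post or of Malwarebytes: it parses the "Files Detected" section of an MBAM 1.60-style log, assigns each hit one of those roles from its path, and checks whether a Startup shortcut is named after a dropped payload, which ties persistence to payload. The role rules are assumptions derived from this log's paths, and SAMPLE_LOG is a constructed excerpt containing the three lines above.

```python
"""Triage of a Malwarebytes scan log for the infection chain seen in the post.

Added example, not part of the original thread or of Malwarebytes. It parses
the "Files Detected" section, classifies each hit by the role it plays
(exploit artefact in the Java deployment cache, dropped payload in a temp
folder, autostart persistence via a Startup-folder shortcut) and links the
shortcut back to the payload it launches. SAMPLE_LOG is a constructed excerpt.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
Files Detected: 3
C:\\Users\\Uni\\AppData\\Local\\temp\\0.8826178515930484.exe (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.
C:\\Users\\Uni\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\48\\62e58bf0-57336428 (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.
C:\\Users\\Uni\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\0.8826178515930484.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.

(end)
"""

# One detection line: <path> (<detection name>) -> <action text>
DETECTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Assumed role heuristics, keyed on path fragments (matched case-insensitively).
ROLE_RULES = [
    ("java\\deployment\\cache\\", "exploit_vector"),       # cached applet/JAR that carried the exploit
    ("\\start menu\\programs\\startup\\", "persistence"),  # per-user autostart folder
    ("\\appdata\\local\\temp\\", "dropped_payload"),       # payload written by the exploit
]

def parse_detections(log_text):
    """Return a list of dicts with path, name and action for each detection line."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits

def classify(path):
    """Map a path to a role using ROLE_RULES; 'unknown' if nothing matches."""
    low = path.lower()
    for fragment, role in ROLE_RULES:
        if fragment in low:
            return role
    return "unknown"

def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]

def triage(log_text):
    """Classify every hit and pair Startup .lnk files with the payload they name."""
    hits = parse_detections(log_text)
    for h in hits:
        h["role"] = classify(h["path"])
    payload_names = {basename(h["path"]).lower() for h in hits if h["role"] == "dropped_payload"}
    for h in hits:
        if h["role"] == "persistence" and h["path"].lower().endswith(".lnk"):
            # "foo.exe.lnk" -> "foo.exe"; assumption: the shortcut is named after its target
            target = basename(h["path"])[:-4].lower()
            h["launches_known_payload"] = target in payload_names
    return hits

def summarize(hits):
    """Count hits per role and report whether a Startup shortcut points at a known payload."""
    roles = Counter(h["role"] for h in hits)
    chain_complete = any(h.get("launches_known_payload") for h in hits)
    return {"roles": dict(roles), "autostart_chain_complete": chain_complete}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for h in result:
        print(f"{h['role']:16} {h['name']:18} {h['path']}")
    print(summarize(result))
```

The point of pairing the shortcut with the payload is that a Startup-folder .lnk whose target is already quarantined is harmless on its own, while a shortcut that names a file nobody has removed means the lock screen will come back at the next logon of that account.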

07.01.2012, 15:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Now I don't understand why a virus still makes it onto my computer every now and then.
Because you fell for the manufacturers' advertising promises. A virus scanner will never find every piece of malware.


Please also run ESET, then we'll see how to proceed:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


07.01.2012, 18:38   #3
Julia777

Hello Cosinus!!
First of all, thanks for the quick reply.

Here is the logfile:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2aba1cc2af3dbf47b9244d27a896ada9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 06:05:15
# local_time=2012-01-07 07:05:15 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 508012 62485922 115592 0
# compatibility_mode=5892 16776573 100 100 12831 163486787 0 0
# compatibility_mode=8192 67108863 100 0 4043 4043 0 0
# scanned=201545
# found=1
# cleaned=0
# scan_time=5455
C:\Users\Uni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7d8fd167-491d31f1	Java/Exploit.CVE-2011-3544.S trojan (unable to clean)	00000000000000000000000000000000	I

Best regards, Juli

Last edited by Julia777 (07.01.2012 at 18:53)
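The ESET log above has two parts a script can work with: the `# key=value` header lines (found=1, cleaned=0 and remove_checked=false together mean ESET ran in report-only mode and left the file where it was) and one tab-separated detection line whose threat name carries the CVE identifier. CVE-2011-3544 is the Java Rhino script-engine flaw fixed in Oracle's October 2011 Java update (Java 6 Update 29), and a hit inside the Java deployment cache is the cached exploit applet rather than the running payload, so the follow-up is clearing that cache and updating Java, not just deleting the one file. The Python below is an added example, not part of the thread or of ESET: it parses both parts of the log, extracts the CVE from the threat name, and reports what remains unresolved. SAMPLE_LOG is a constructed excerpt of the posted log, and the "cached exploit, not payload" reading of Java cache paths is an assumption made in the code.

```python
"""Parser for an ESET Online Scanner log of the kind posted above.

Added example, not part of the original thread or of ESET. The log has
'# key=value' header lines and tab-separated detection lines of the form
    <path>\t<threat name>\t<hash-like field>\t<flag>
The functions below read the header, pull the CVE identifier out of the
threat name and decide whether anything was found that was not cleaned.
SAMPLE_LOG is a constructed excerpt reproducing the relevant lines.
"""
import re

SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n"
    "# end=finished\n"
    "# remove_checked=false\n"
    "# archives_checked=true\n"
    "# unwanted_checked=true\n"
    "# unsafe_checked=false\n"
    "# antistealth_checked=true\n"
    "# osver=6.0.6002 NT Service Pack 2\n"
    "# scanned=201545\n"
    "# found=1\n"
    "# cleaned=0\n"
    "# scan_time=5455\n"
    "C:\\Users\\Uni\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\39\\7d8fd167-491d31f1\t"
    "Java/Exploit.CVE-2011-3544.S trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
)

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_header(text):
    """Collect '# key=value' lines into a dict; purely numeric values become ints."""
    header = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = int(value) if value.isdigit() else value
    return header

def parse_detections(text):
    """Return one record per tab-separated detection line that starts with a drive letter."""
    records = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) >= 2 and re.match(r"^[A-Za-z]:\\", fields[0]):
            path, threat = fields[0], fields[1]
            cves = CVE_RE.findall(threat)
            records.append({
                "path": path,
                "threat": threat,
                "cve": cves[0] if cves else None,
                "cleaned": "unable to clean" not in threat.lower(),
                # Assumption: a file under the Java deployment cache is a cached
                # exploit document, not the running payload.
                "in_java_cache": "\\java\\deployment\\cache\\" in path.lower(),
            })
    return records

def assess(text):
    """Combine header counters and detection lines into a follow-up verdict."""
    header = parse_header(text)
    records = parse_detections(text)
    unresolved = [r for r in records if not r["cleaned"]]
    return {
        "scan_finished": header.get("end") == "finished",
        # remove_checked=false: ESET only reported, it did not remove anything
        "report_only": header.get("remove_checked") == "false",
        "found": header.get("found", 0),
        "cleaned": header.get("cleaned", 0),
        "unresolved_paths": [r["path"] for r in unresolved],
        "cves": sorted({r["cve"] for r in records if r["cve"]}),
        "only_java_cache_hits": bool(records) and all(r["in_java_cache"] for r in records),
    }

if __name__ == "__main__":
    import json
    print(json.dumps(assess(SAMPLE_LOG), indent=2))
```

When `only_java_cache_hits` is true and the found/cleaned counters disagree, the remaining work is on the delivery side (cache and plugin version), which is what a helper would look for next in an OTL log rather than treating the cache entry as a live infection.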

07.01.2012, 19:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. Please post everything in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the complete content of the code box below into OTL's text box - if OTL is in German, the box is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread
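The `/md5start ... /md5stop` section of the OTL script above makes OTL print the MD5 of logon components and of the disk and controller drivers that file-patching rootkits of that period commonly overwrote in place, so that the helper can compare each hash with a known-good copy of the same file version. The Python below is an added example, not part of the post or of OTL: it records a hash baseline for a subset of those names, re-hashes them later, and reports files that were modified, went missing or appeared. The demo runs against a temporary directory with constructed files so it works offline; on a real system you would point `hash_tree` at C:\Windows\System32\drivers (and at System32 for the logon files) and keep the baseline somewhere the machine under investigation cannot alter.

```python
"""Hash baseline and diff for the files named between /md5start and /md5stop.

Added example, not part of the original post or of OTL. Records {name: md5}
for a set of critical files, re-hashes them later and reports what changed.
demo() builds a constructed scenario in a temporary directory (a patched
driver, a dropped driver, a removed driver) so the script runs offline.
"""
import hashlib
import os
import tempfile

# Subset of the names from the /md5start ... /md5stop block in the post.
WATCHED_FILES = [
    "wininit.exe", "userinit.exe", "winlogon.exe", "user32.DLL",
    "atapi.sys", "iaStor.sys", "nvstor.sys", "iastorv.sys", "AGP440.sys",
]

def file_md5(path, chunk=1 << 16):
    """MD5 of a file, streamed so large drivers need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def hash_tree(root, names):
    """Return {name: md5} for each watched name that exists as a file under root."""
    result = {}
    for name in names:
        path = os.path.join(root, name)
        if os.path.isfile(path):
            result[name] = file_md5(path)
    return result

def diff_baseline(baseline, current):
    """Classify differences between two {name: md5} maps."""
    return {
        "modified": sorted(n for n in baseline if n in current and baseline[n] != current[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "new": sorted(n for n in current if n not in baseline),
    }

def demo():
    """Constructed scenario: take a baseline, then patch one driver, drop a new one, remove one."""
    with tempfile.TemporaryDirectory() as root:
        for name in WATCHED_FILES:
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"original contents of " + name.encode())
        baseline = hash_tree(root, WATCHED_FILES)
        # Simulate an in-place patch of atapi.sys (the classic rootkit target).
        with open(os.path.join(root, "atapi.sys"), "ab") as f:
            f.write(b"\x90\x90 patched")
        # Simulate a dropped driver that was not in the baseline.
        with open(os.path.join(root, "nvgts.sys"), "wb") as f:
            f.write(b"unexpected")
        # Simulate a baseline file that disappeared.
        os.remove(os.path.join(root, "AGP440.sys"))
        current = hash_tree(root, WATCHED_FILES + ["nvgts.sys"])
        return diff_baseline(baseline, current)

if __name__ == "__main__":
    print(demo())
```

A hash mismatch on its own only says the bytes differ; the file may simply have been updated by Windows Update. The check becomes a detection when the hash is compared against the Microsoft-signed copy of the same version, which is what a helper does by hand with the MD5 values OTL prints.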

07.01.2012, 19:47   #5
Julia777

Hello Arne,

here is the OTL.log:

OTL Logfile:
Code:
OTL logfile created on: 07.01.2012 20:26:00 - Run 7
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Privat\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 61,91% Memory free
6,19 Gb Paging File | 5,01 Gb Available in Paging File | 80,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 3,16 Gb Free Space | 2,72% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 105,67 Gb Free Space | 91,78% Space Free | Partition Type: NTFS
 
Computer Name: CORINNA | User Name: Privat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Privat\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\PSI-Update Meldungen\psia.exe (Secunia)
PRC - C:\Programme\PSI-Update Meldungen\psi_tray.exe (Secunia)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Google\Google EULA\GoogleEULALauncher.exe ( )
PRC - C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
PRC - C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3019.36912__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3019.37109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3019.36870__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3019.36924__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3019.37100__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3019.37065__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3019.36904__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3019.36890__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3019.37131__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3019.37137__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3019.37079__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3019.36884__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3019.37102__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3019.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3019.36936__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3019.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3019.37015__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3019.36891__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3019.37092__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3019.37072__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3019.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3019.36930__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3019.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3019.37071__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3019.37129__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3019.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3019.36878__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3019.36897__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3019.37122__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3019.36863__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3019.37121__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3019.37147__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3019.37122__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3019.36861__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3019.36862__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\RTCOM\RTCOMDLL.dll ()
MOD - C:\Programme\Toshiba\FlashCards\BlackPng.dll ()
MOD - C:\Programme\Toshiba\PCDiag\NotifyPCD.dll ()
MOD - C:\Programme\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Programme\Toshiba\TBS\NotifyTBS.dll ()
MOD - C:\Programme\Toshiba\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Programme\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Secunia PSI Agent) -- C:\Program Files\PSI-Update Meldungen\PSIA.exe (Secunia)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.07 19:30:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.07 19:30:16 | 000,000,000 | ---D | M]
 
[2010.07.08 14:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions
[2012.01.07 15:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\afed1i93.default\extensions
[2010.07.08 16:31:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\afed1i93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.20 13:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.23 19:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.11.20 13:45:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.21 20:31:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.23 19:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.11.20 13:45:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.21 20:31:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.21 20:31:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.08 20:08:24 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.08.17 18:58:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D6132B2-D2DC-4B3B-A6B7-075FBA0F099B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E022741A-C1DA-46AF-BF59-67B6E59008EB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Users\Privat\Desktop\SASWINLO.DLL) -  File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Users\Privat\Desktop\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg:  Malwarebytes Anti-Malware  (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - 
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.07 20:23:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2012.01.07 17:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.07 17:26:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Privat\Desktop\esetsmartinstaller_enu.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.07 20:23:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2012.01.07 19:52:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.07 19:00:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 19:00:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 18:52:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.07 17:26:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Privat\Desktop\esetsmartinstaller_enu.exe
[2012.01.07 15:00:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.07 15:00:23 | 3219,128,320 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.07 01:13:04 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.25 20:03:19 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Rund um ... Chemie heute SI (Teil 2).lnk
[2011.12.25 19:32:46 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Rund um ... Chemie heute SI (Teil 1).lnk
[2011.12.24 14:07:12 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.24 14:07:12 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.24 14:07:12 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.24 14:07:12 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.20 19:18:48 | 000,001,213 | ---- | M] () -- C:\Users\Public\Desktop\Chemie heute SII.lnk
[2011.12.15 11:17:01 | 000,371,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.07 01:13:04 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.25 20:03:19 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Rund um ... Chemie heute SI (Teil 2).lnk
[2011.12.25 19:32:46 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Rund um ... Chemie heute SI (Teil 1).lnk
[2011.12.20 19:18:48 | 000,001,213 | ---- | C] () -- C:\Users\Public\Desktop\Chemie heute SII.lnk
[2011.08.17 18:45:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.17 18:45:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.17 18:45:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.17 18:45:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.17 18:45:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.10 15:40:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.09 19:52:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.09 19:50:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.03 15:55:05 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.07.23 12:27:07 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.07.23 12:27:07 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.11.10 17:24:14 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.01.19 18:00:26 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.01.19 18:00:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.01.19 18:00:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.01.19 18:00:26 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.01.19 18:00:26 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.01.19 18:00:26 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.01.19 18:00:26 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.01.19 18:00:26 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.01.19 18:00:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.01.19 18:00:26 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.01.19 18:00:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.01.19 18:00:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.01.19 18:00:26 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.01.19 18:00:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.01.19 18:00:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.01.19 18:00:26 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.01.19 18:00:26 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.01.19 18:00:26 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.01.19 18:00:26 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.01.19 17:58:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX400DEFGIPS.ini
[2008.12.10 15:11:48 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.11.03 17:23:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.09 16:52:22 | 000,005,632 | ---- | C] () -- C:\Users\Privat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.05 21:48:42 | 000,000,016 | -H-- | C] () -- C:\Users\Privat\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.08.05 21:48:42 | 000,000,016 | -H-- | C] () -- C:\Users\Privat\AppData\Local\mxfilerelatedcache.mxc2
[2008.08.05 12:07:38 | 000,012,734 | ---- | C] () -- C:\Windows\BioEdit.ini
[2008.08.05 08:49:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.08.03 14:35:49 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.08.03 14:35:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.08.03 14:35:49 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.08.03 14:35:49 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.03 14:07:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.07.03 10:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.07.03 10:27:11 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.07.03 10:17:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.07.03 10:17:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.07.03 10:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.07.03 10:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.07.03 10:17:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.07.03 10:17:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.07.03 09:51:19 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2008.07.03 09:51:19 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2008.07.03 09:51:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.07.03 09:51:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.07.03 09:51:19 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008.07.03 09:51:19 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008.07.03 09:48:03 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.07.03 09:48:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.07.03 09:48:02 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.07.03 09:48:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.07.03 08:57:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.03 08:51:00 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.04.24 17:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008.04.24 17:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008.04.24 17:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008.04.24 17:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008.04.24 17:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008.04.24 17:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.21 15:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,371,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.07.08 14:55:24 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\BSW
[2009.11.10 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\FILEminimizerPictures
[2011.09.24 18:55:15 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Games
[2011.11.19 20:14:00 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\LucasArts
[2008.10.30 11:18:43 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Thinstall
[2012.01.07 14:59:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.12.11 13:37:33 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Adobe
[2011.08.21 19:58:10 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Apple Computer
[2008.08.03 14:37:20 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\ATI
[2011.08.17 13:50:56 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Avira
[2010.07.08 14:55:24 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\BSW
[2009.11.10 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\FILEminimizerPictures
[2011.09.24 18:55:15 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Games
[2008.08.03 14:36:46 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Identities
[2008.08.03 14:31:39 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\InstallShield
[2011.11.19 20:14:00 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\LucasArts
[2008.08.09 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Macromedia
[2010.08.08 13:32:49 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Media Center Programs
[2011.07.03 08:34:46 | 000,000,000 | --SD | M] -- C:\Users\Privat\AppData\Roaming\Microsoft
[2010.07.08 14:43:06 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Mozilla
[2008.10.30 11:18:43 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Thinstall
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.07 20:59:42 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
<           >

< End of report >
         
--- --- ---


I hope I did everything right.

Best regards, Juli


Old 07.01.2012, 20:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!




If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Old 08.01.2012, 00:07   #7
Julia777
 



Good evening Arne,

here is the report from TDSS-Killer.

Code:
00:59:48.0106 5984	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
00:59:48.0210 5984	============================================================
00:59:48.0210 5984	Current date / time: 2012/01/08 00:59:48.0210
00:59:48.0210 5984	SystemInfo:
00:59:48.0210 5984	
00:59:48.0210 5984	OS Version: 6.0.6002 ServicePack: 2.0
00:59:48.0210 5984	Product type: Workstation
00:59:48.0210 5984	ComputerName: CORINNA
00:59:48.0210 5984	UserName: Privat
00:59:48.0210 5984	Windows directory: C:\Windows
00:59:48.0210 5984	System windows directory: C:\Windows
00:59:48.0210 5984	Processor architecture: Intel x86
00:59:48.0210 5984	Number of processors: 2
00:59:48.0210 5984	Page size: 0x1000
00:59:48.0210 5984	Boot type: Normal boot
00:59:48.0210 5984	============================================================
00:59:49.0064 5984	Initialize success
01:00:45.0675 5204	============================================================
01:00:45.0675 5204	Scan started
01:00:45.0675 5204	Mode: Manual; SigCheck; TDLFS; 
01:00:45.0675 5204	============================================================
01:00:47.0295 5204	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
01:00:47.0409 5204	ACPI - ok
01:00:47.0635 5204	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
01:00:47.0651 5204	adp94xx - ok
01:00:47.0855 5204	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
01:00:47.0867 5204	adpahci - ok
01:00:47.0938 5204	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
01:00:47.0949 5204	adpu160m - ok
01:00:48.0069 5204	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
01:00:48.0079 5204	adpu320 - ok
01:00:48.0397 5204	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
01:00:48.0592 5204	AFD - ok
01:00:48.0868 5204	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
01:00:49.0217 5204	AgereSoftModem - ok
01:00:49.0424 5204	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
01:00:49.0449 5204	agp440 - ok
01:00:49.0501 5204	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
01:00:49.0528 5204	aic78xx - ok
01:00:49.0624 5204	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
01:00:49.0636 5204	aliide - ok
01:00:49.0756 5204	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
01:00:49.0769 5204	amdagp - ok
01:00:49.0867 5204	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
01:00:49.0879 5204	amdide - ok
01:00:49.0942 5204	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
01:00:52.0418 5204	AmdK7 - ok
01:00:52.0535 5204	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
01:00:52.0589 5204	AmdK8 - ok
01:00:53.0217 5204	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
01:00:53.0227 5204	arc - ok
01:00:53.0281 5204	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
01:00:53.0290 5204	arcsas - ok
01:00:53.0456 5204	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
01:00:53.0509 5204	AsyncMac - ok
01:00:53.0558 5204	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
01:00:53.0568 5204	atapi - ok
01:00:54.0112 5204	atikmdag        (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
01:00:54.0405 5204	atikmdag - ok
01:00:54.0659 5204	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
01:00:54.0717 5204	atksgt - ok
01:00:55.0109 5204	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
01:00:55.0120 5204	avgntflt - ok
01:00:55.0342 5204	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
01:00:55.0363 5204	avipbb - ok
01:00:55.0552 5204	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
01:00:55.0604 5204	Beep - ok
01:00:55.0890 5204	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
01:00:55.0943 5204	blbdrive - ok
01:00:56.0221 5204	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
01:00:56.0372 5204	bowser - ok
01:00:56.0534 5204	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
01:00:57.0608 5204	BrFiltLo - ok
01:00:57.0740 5204	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
01:00:57.0772 5204	BrFiltUp - ok
01:00:57.0906 5204	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
01:01:02.0368 5204	Brserid - ok
01:01:02.0476 5204	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
01:01:02.0616 5204	BrSerWdm - ok
01:01:02.0651 5204	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
01:01:02.0716 5204	BrUsbMdm - ok
01:01:02.0820 5204	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
01:01:02.0867 5204	BrUsbSer - ok
01:01:03.0068 5204	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
01:01:03.0117 5204	BTHMODEM - ok
01:01:03.0388 5204	catchme - ok
01:01:03.0534 5204	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
01:01:03.0584 5204	cdfs - ok
01:01:03.0753 5204	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
01:01:03.0794 5204	cdrom - ok
01:01:03.0859 5204	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
01:01:03.0911 5204	circlass - ok
01:01:04.0065 5204	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
01:01:04.0110 5204	CLFS - ok
01:01:04.0510 5204	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
01:01:04.0540 5204	CmBatt - ok
01:01:04.0588 5204	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
01:01:04.0600 5204	cmdide - ok
01:01:04.0741 5204	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
01:01:04.0753 5204	Compbatt - ok
01:01:05.0151 5204	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
01:01:05.0163 5204	crcdisk - ok
01:01:05.0205 5204	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
01:01:05.0262 5204	Crusoe - ok
01:01:05.0457 5204	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
01:01:05.0567 5204	DfsC - ok
01:01:06.0015 5204	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
01:01:06.0029 5204	disk - ok
01:01:06.0204 5204	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
01:01:06.0235 5204	drmkaud - ok
01:01:06.0316 5204	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
01:01:06.0345 5204	DXGKrnl - ok
01:01:06.0502 5204	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
01:01:06.0552 5204	E1G60 - ok
01:01:06.0835 5204	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
01:01:06.0865 5204	Ecache - ok
01:01:07.0007 5204	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
01:01:07.0072 5204	elxstor - ok
01:01:07.0249 5204	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
01:01:07.0278 5204	ErrDev - ok
01:01:07.0461 5204	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
01:01:07.0586 5204	exfat - ok
01:01:07.0740 5204	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
01:01:07.0809 5204	fastfat - ok
01:01:07.0973 5204	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
01:01:08.0013 5204	fdc - ok
01:01:08.0052 5204	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
01:01:08.0064 5204	FileInfo - ok
01:01:08.0123 5204	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
01:01:08.0201 5204	Filetrace - ok
01:01:08.0258 5204	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
01:01:08.0288 5204	flpydisk - ok
01:01:08.0400 5204	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
01:01:08.0416 5204	FltMgr - ok
01:01:08.0614 5204	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
01:01:08.0674 5204	Fs_Rec - ok
01:01:08.0840 5204	FwLnk           (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
01:01:08.0954 5204	FwLnk - ok
01:01:09.0074 5204	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
01:01:09.0087 5204	gagp30kx - ok
01:01:09.0142 5204	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:01:09.0151 5204	GEARAspiWDM - ok
01:01:09.0504 5204	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
01:01:09.0816 5204	HdAudAddService - ok
01:01:09.0968 5204	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:01:10.0073 5204	HDAudBus - ok
01:01:10.0224 5204	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
01:01:10.0291 5204	HidBth - ok
01:01:10.0397 5204	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
01:01:10.0468 5204	HidIr - ok
01:01:10.0651 5204	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
01:01:10.0704 5204	HidUsb - ok
01:01:10.0757 5204	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
01:01:10.0770 5204	HpCISSs - ok
01:01:10.0936 5204	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
01:01:11.0253 5204	HTTP - ok
01:01:11.0369 5204	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
01:01:11.0381 5204	i2omp - ok
01:01:11.0582 5204	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
01:01:11.0615 5204	i8042prt - ok
01:01:11.0695 5204	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
01:01:11.0709 5204	iaStor - ok
01:01:11.0837 5204	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
01:01:11.0852 5204	iaStorV - ok
01:01:12.0072 5204	igfx - ok
01:01:12.0140 5204	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
01:01:12.0152 5204	iirsp - ok
01:01:12.0386 5204	IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
01:01:13.0137 5204	IntcAzAudAddService - ok
01:01:13.0223 5204	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
01:01:13.0235 5204	intelide - ok
01:01:13.0279 5204	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
01:01:13.0322 5204	intelppm - ok
01:01:13.0554 5204	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:01:13.0595 5204	IpFilterDriver - ok
01:01:13.0669 5204	IpInIp - ok
01:01:13.0792 5204	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
01:01:13.0829 5204	IPMIDRV - ok
01:01:13.0952 5204	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
01:01:13.0997 5204	IPNAT - ok
01:01:14.0144 5204	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
01:01:14.0166 5204	IRENUM - ok
01:01:14.0251 5204	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
01:01:14.0261 5204	isapnp - ok
01:01:14.0334 5204	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
01:01:14.0345 5204	iScsiPrt - ok
01:01:14.0399 5204	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
01:01:14.0407 5204	iteatapi - ok
01:01:14.0551 5204	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
01:01:14.0559 5204	iteraid - ok
01:01:14.0599 5204	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
01:01:14.0608 5204	kbdclass - ok
01:01:14.0661 5204	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
01:01:14.0688 5204	kbdhid - ok
01:01:14.0830 5204	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
01:01:14.0898 5204	KSecDD - ok
01:01:15.0054 5204	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
01:01:15.0061 5204	lirsgt - ok
01:01:15.0203 5204	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
01:01:15.0238 5204	lltdio - ok
01:01:15.0296 5204	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
01:01:15.0306 5204	LSI_FC - ok
01:01:15.0449 5204	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
01:01:15.0458 5204	LSI_SAS - ok
01:01:15.0522 5204	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
01:01:15.0531 5204	LSI_SCSI - ok
01:01:15.0641 5204	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
01:01:15.0676 5204	luafv - ok
01:01:15.0769 5204	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
01:01:15.0777 5204	megasas - ok
01:01:15.0901 5204	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
01:01:15.0942 5204	MegaSR - ok
01:01:15.0992 5204	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
01:01:16.0046 5204	Modem - ok
01:01:16.0162 5204	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
01:01:16.0205 5204	monitor - ok
01:01:16.0271 5204	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
01:01:16.0283 5204	mouclass - ok
01:01:16.0344 5204	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
01:01:16.0385 5204	mouhid - ok
01:01:16.0511 5204	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
01:01:16.0523 5204	MountMgr - ok
01:01:16.0706 5204	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
01:01:16.0719 5204	mpio - ok
01:01:16.0752 5204	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
01:01:16.0787 5204	mpsdrv - ok
01:01:16.0944 5204	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
01:01:16.0956 5204	Mraid35x - ok
01:01:17.0068 5204	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
01:01:17.0323 5204	MRxDAV - ok
01:01:17.0397 5204	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:01:17.0560 5204	mrxsmb - ok
01:01:17.0690 5204	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:01:17.0716 5204	mrxsmb10 - ok
01:01:17.0773 5204	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:01:17.0793 5204	mrxsmb20 - ok
01:01:17.0925 5204	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
01:01:17.0935 5204	msahci - ok
01:01:17.0975 5204	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
01:01:17.0988 5204	msdsm - ok
01:01:18.0122 5204	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
01:01:18.0164 5204	Msfs - ok
01:01:18.0271 5204	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
01:01:18.0283 5204	msisadrv - ok
01:01:18.0494 5204	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
01:01:18.0532 5204	MSKSSRV - ok
01:01:18.0597 5204	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
01:01:18.0658 5204	MSPCLOCK - ok
01:01:18.0786 5204	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
01:01:18.0831 5204	MSPQM - ok
01:01:18.0925 5204	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
01:01:18.0942 5204	MsRPC - ok
01:01:19.0075 5204	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
01:01:19.0087 5204	mssmbios - ok
01:01:19.0278 5204	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
01:01:19.0308 5204	MSTEE - ok
01:01:19.0402 5204	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
01:01:19.0416 5204	Mup - ok
01:01:19.0555 5204	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
01:01:19.0573 5204	NativeWifiP - ok
01:01:19.0729 5204	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
01:01:19.0882 5204	NDIS - ok
01:01:20.0031 5204	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
01:01:20.0067 5204	NdisTapi - ok
01:01:20.0111 5204	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
01:01:20.0161 5204	Ndisuio - ok
01:01:20.0382 5204	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
01:01:20.0432 5204	NdisWan - ok
01:01:20.0470 5204	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
01:01:20.0522 5204	NDProxy - ok
01:01:20.0622 5204	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
01:01:20.0672 5204	NetBIOS - ok
01:01:20.0730 5204	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
01:01:20.0775 5204	netbt - ok
01:01:21.0130 5204	NETw5v32        (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
01:01:22.0046 5204	NETw5v32 - ok
01:01:22.0166 5204	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
01:01:22.0178 5204	nfrd960 - ok
01:01:22.0430 5204	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
01:01:22.0469 5204	Npfs - ok
01:01:22.0515 5204	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
01:01:22.0583 5204	nsiproxy - ok
01:01:22.0782 5204	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
01:01:22.0925 5204	Ntfs - ok
01:01:23.0045 5204	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
01:01:23.0099 5204	ntrigdigi - ok
01:01:23.0130 5204	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
01:01:23.0151 5204	Null - ok
01:01:23.0302 5204	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
01:01:23.0311 5204	nvraid - ok
01:01:23.0355 5204	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
01:01:23.0367 5204	nvstor - ok
01:01:23.0397 5204	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
01:01:23.0410 5204	nv_agp - ok
01:01:23.0562 5204	NwlnkFlt - ok
01:01:23.0575 5204	NwlnkFwd - ok
01:01:23.0629 5204	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
01:01:23.0663 5204	ohci1394 - ok
01:01:23.0906 5204	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
01:01:23.0980 5204	Parport - ok
01:01:24.0125 5204	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
01:01:24.0136 5204	partmgr - ok
01:01:24.0193 5204	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
01:01:24.0241 5204	Parvdm - ok
01:01:24.0384 5204	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
01:01:24.0395 5204	pci - ok
01:01:24.0419 5204	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
01:01:24.0428 5204	pciide - ok
01:01:24.0569 5204	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
01:01:24.0578 5204	pcmcia - ok
01:01:24.0681 5204	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
01:01:25.0105 5204	PEAUTH - ok
01:01:25.0264 5204	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
01:01:25.0317 5204	PptpMiniport - ok
01:01:25.0443 5204	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
01:01:25.0489 5204	Processor - ok
01:01:25.0554 5204	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
01:01:25.0613 5204	PSched - ok
01:01:25.0749 5204	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
01:01:25.0759 5204	PSI - ok
01:01:25.0941 5204	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
01:01:26.0103 5204	ql2300 - ok
01:01:26.0240 5204	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
01:01:26.0253 5204	ql40xx - ok
01:01:26.0292 5204	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
01:01:26.0308 5204	QWAVEdrv - ok
01:01:26.0443 5204	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
01:01:26.0484 5204	RasAcd - ok
01:01:26.0545 5204	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:01:26.0576 5204	Rasl2tp - ok
01:01:26.0706 5204	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
01:01:26.0723 5204	RasPppoe - ok
01:01:26.0780 5204	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
01:01:26.0792 5204	RasSstp - ok
01:01:26.0870 5204	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
01:01:26.0918 5204	rdbss - ok
01:01:27.0009 5204	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:01:27.0040 5204	RDPCDD - ok
01:01:27.0142 5204	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
01:01:27.0166 5204	rdpdr - ok
01:01:27.0253 5204	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
01:01:27.0275 5204	RDPENCDD - ok
01:01:27.0411 5204	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
01:01:27.0452 5204	RDPWD - ok
01:01:27.0623 5204	rimmptsk        (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
01:01:27.0732 5204	rimmptsk - ok
01:01:27.0847 5204	rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
01:01:28.0004 5204	rimsptsk - ok
01:01:28.0101 5204	rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
01:01:28.0216 5204	rismxdp - ok
01:01:28.0346 5204	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
01:01:28.0422 5204	rspndr - ok
01:01:28.0638 5204	RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
01:01:29.0016 5204	RTL8169 - ok
01:01:29.0059 5204	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
01:01:29.0067 5204	sbp2port - ok
01:01:29.0317 5204	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
01:01:29.0342 5204	sdbus - ok
01:01:29.0386 5204	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:01:29.0467 5204	secdrv - ok
01:01:29.0693 5204	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
01:01:29.0746 5204	Serenum - ok
01:01:29.0781 5204	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
01:01:29.0840 5204	Serial - ok
01:01:29.0971 5204	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
01:01:30.0007 5204	sermouse - ok
01:01:30.0166 5204	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
01:01:30.0197 5204	sffdisk - ok
01:01:30.0262 5204	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
01:01:30.0297 5204	sffp_mmc - ok
01:01:30.0439 5204	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
01:01:30.0461 5204	sffp_sd - ok
01:01:30.0521 5204	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
01:01:30.0606 5204	sfloppy - ok
01:01:30.0720 5204	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
01:01:30.0732 5204	sisagp - ok
01:01:30.0822 5204	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
01:01:30.0834 5204	SiSRaid2 - ok
01:01:30.0930 5204	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
01:01:30.0943 5204	SiSRaid4 - ok
01:01:31.0012 5204	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
01:01:31.0063 5204	Smb - ok
01:01:31.0168 5204	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
01:01:31.0180 5204	spldr - ok
01:01:31.0244 5204	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
01:01:31.0362 5204	srv - ok
01:01:31.0511 5204	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
01:01:31.0649 5204	srv2 - ok
01:01:31.0771 5204	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
01:01:31.0783 5204	srvnet - ok
01:01:31.0862 5204	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
01:01:31.0869 5204	ssmdrv - ok
01:01:32.0036 5204	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
01:01:32.0066 5204	StarOpen ( UnsignedFile.Multi.Generic ) - warning
01:01:32.0066 5204	StarOpen - detected UnsignedFile.Multi.Generic (1)
01:01:32.0159 5204	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
01:01:32.0170 5204	swenum - ok
01:01:32.0283 5204	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
01:01:32.0295 5204	Symc8xx - ok
01:01:32.0331 5204	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
01:01:32.0342 5204	Sym_hi - ok
01:01:32.0459 5204	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
01:01:32.0471 5204	Sym_u3 - ok
01:01:32.0503 5204	SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
01:01:32.0515 5204	SynTP - ok
01:01:32.0715 5204	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
01:01:32.0867 5204	Tcpip - ok
01:01:33.0059 5204	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
01:01:33.0154 5204	Tcpip6 - ok
01:01:33.0284 5204	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
01:01:33.0301 5204	tcpipreg - ok
01:01:33.0357 5204	tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
01:01:33.0459 5204	tdcmdpst - ok
01:01:33.0597 5204	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
01:01:33.0643 5204	TDPIPE - ok
01:01:33.0678 5204	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
01:01:33.0727 5204	TDTCP - ok
01:01:33.0838 5204	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
01:01:33.0867 5204	tdx - ok
01:01:33.0931 5204	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
01:01:33.0940 5204	TermDD - ok
01:01:34.0173 5204	Tosrfcom - ok
01:01:34.0211 5204	tosrfec         (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
01:01:34.0246 5204	tosrfec - ok
01:01:34.0302 5204	tos_sps32       (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
01:01:34.0312 5204	tos_sps32 - ok
01:01:34.0451 5204	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:01:34.0505 5204	tssecsrv - ok
01:01:34.0688 5204	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
01:01:34.0804 5204	tunmp - ok
01:01:34.0949 5204	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
01:01:34.0965 5204	tunnel - ok
01:01:35.0066 5204	TVALZ           (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
01:01:35.0075 5204	TVALZ - ok
01:01:35.0203 5204	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
01:01:35.0215 5204	uagp35 - ok
01:01:35.0297 5204	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
01:01:35.0322 5204	udfs - ok
01:01:35.0525 5204	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
01:01:35.0538 5204	uliagpkx - ok
01:01:35.0693 5204	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
01:01:35.0709 5204	uliahci - ok
01:01:35.0811 5204	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
01:01:35.0823 5204	UlSata - ok
01:01:35.0945 5204	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
01:01:35.0958 5204	ulsata2 - ok
01:01:36.0042 5204	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
01:01:36.0088 5204	umbus - ok
01:01:36.0366 5204	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
01:01:36.0429 5204	USBAAPL - ok
01:01:36.0531 5204	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
01:01:36.0570 5204	usbaudio - ok
01:01:36.0656 5204	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
01:01:36.0718 5204	usbccgp - ok
01:01:36.0822 5204	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
01:01:36.0884 5204	usbcir - ok
01:01:37.0070 5204	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
01:01:37.0093 5204	usbehci - ok
01:01:37.0157 5204	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
01:01:37.0222 5204	usbhub - ok
01:01:37.0330 5204	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
01:01:37.0420 5204	usbohci - ok
01:01:37.0577 5204	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
01:01:37.0615 5204	usbprint - ok
01:01:37.0889 5204	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
01:01:37.0935 5204	usbscan - ok
01:01:37.0985 5204	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:01:38.0032 5204	USBSTOR - ok
01:01:38.0173 5204	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
01:01:38.0238 5204	usbuhci - ok
01:01:38.0515 5204	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
01:01:38.0587 5204	usbvideo - ok
01:01:38.0766 5204	UVCFTR          (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
01:01:38.0905 5204	UVCFTR - ok
01:01:39.0050 5204	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
01:01:39.0096 5204	vga - ok
01:01:39.0195 5204	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
01:01:39.0225 5204	VgaSave - ok
01:01:39.0325 5204	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
01:01:39.0337 5204	viaagp - ok
01:01:39.0446 5204	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
01:01:39.0477 5204	ViaC7 - ok
01:01:39.0577 5204	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
01:01:39.0588 5204	viaide - ok
01:01:39.0689 5204	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
01:01:39.0701 5204	volmgr - ok
01:01:39.0737 5204	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
01:01:39.0756 5204	volmgrx - ok
01:01:39.0805 5204	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
01:01:39.0822 5204	volsnap - ok
01:01:39.0923 5204	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
01:01:39.0937 5204	vsmraid - ok
01:01:40.0101 5204	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
01:01:40.0185 5204	WacomPen - ok
01:01:40.0230 5204	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:01:40.0265 5204	Wanarp - ok
01:01:40.0271 5204	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:01:40.0295 5204	Wanarpv6 - ok
01:01:40.0444 5204	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
01:01:40.0452 5204	Wd - ok
01:01:40.0529 5204	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
01:01:40.0603 5204	Wdf01000 - ok
01:01:40.0811 5204	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
01:01:40.0846 5204	WmiAcpi - ok
01:01:41.0088 5204	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
01:01:41.0120 5204	ws2ifsl - ok
01:01:41.0223 5204	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:01:41.0271 5204	WUDFRd - ok
01:01:41.0391 5204	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:01:41.0921 5204	\Device\Harddisk0\DR0 - ok
01:01:41.0950 5204	Boot (0x1200)   (2c10490a94074050686303a5f9568d39) \Device\Harddisk0\DR0\Partition0
01:01:41.0951 5204	\Device\Harddisk0\DR0\Partition0 - ok
01:01:41.0975 5204	Boot (0x1200)   (b03ca05b7c1abae5612c00732ba65b9f) \Device\Harddisk0\DR0\Partition1
01:01:41.0977 5204	\Device\Harddisk0\DR0\Partition1 - ok
01:01:41.0980 5204	============================================================
01:01:41.0980 5204	Scan finished
01:01:41.0980 5204	============================================================
01:01:41.0991 0932	Detected object count: 1
01:01:41.0991 0932	Actual detected object count: 1
01:02:36.0077 0932	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:36.0077 0932	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Best regards, Juli
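
Added example (not part of this thread and not code from TDSSKiller itself): a small Python triage script for the TDSSKiller log format posted above. It groups each scanned driver, MBR or boot sector with its status lines and reports every object whose status is anything other than "- ok", so a helper sees the StarOpen warning, the detection and the user's skip decision together with the file's MD5 and path instead of reading 300 lines by hand. The sample log is a constructed excerpt of the lines above; the function names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# "HH:MM:SS.mmmm PID  Name (md5) path": a scanned driver, MBR or boot sector.
FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# "HH:MM:SS.mmmm PID  Name [( Verdict )] - status", for example
#   "mpio - ok", "StarOpen ( UnsignedFile.Multi.Generic ) - warning",
#   "StarOpen - detected UnsignedFile.Multi.Generic (1)".
STATUS_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)"
    r"(?:\s+\(\s*(?P<verdict>[^)]+?)\s*\))?\s+-\s+(?P<status>.+)$"
)


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    # (status text, verdict named in parentheses or None), in log order
    statuses: List[Tuple[str, Optional[str]]] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Group the file line and all status lines of each scanned object.

    Drivers are keyed by service name; MBR/boot objects share the name
    "MBR (...)"/"Boot (...)" and their status lines carry the device path,
    so objects with a path are keyed by that path instead.
    """
    entries: Dict[str, Entry] = {}
    by_name: Dict[str, str] = {}
    by_path: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            key = m["path"]
            entries.setdefault(key, Entry(m["name"], m["md5"].lower(), m["path"]))
            by_name[m["name"]] = key
            by_path[m["path"]] = key
            continue
        m = STATUS_RE.match(line)
        if m:
            key = by_path.get(m["name"]) or by_name.get(m["name"]) or m["name"]
            entry = entries.setdefault(key, Entry(m["name"]))
            entry.statuses.append((m["status"], m["verdict"]))
    return entries


def triage(text: str) -> List[dict]:
    """Return every object with a status other than 'ok', with verdict, hash and path."""
    findings = []
    for entry in parse_tdsskiller(text).values():
        bad = [(s, v) for s, v in entry.statuses if s != "ok"]
        if not bad:
            continue
        verdict = next((v for _, v in bad if v), None)
        if verdict is None:  # fall back to "detected <Verdict> (n)" lines
            for status, _ in bad:
                m = re.match(r"detected (\S+)", status)
                if m:
                    verdict = m.group(1)
                    break
        findings.append({
            "name": entry.name, "verdict": verdict,
            "statuses": [s for s, _ in bad],
            "md5": entry.md5, "path": entry.path,
        })
    return findings


# Constructed excerpt of the TDSSKiller log posted above (tabs replaced by spaces).
# UnsignedFile.Multi.Generic is TDSSKiller's generic verdict for a driver without a
# valid digital signature: a lead for manual review, not proof of malware.
SAMPLE_LOG = r"""
01:01:23.0562 5204  NwlnkFlt - ok
01:01:31.0862 5204  ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
01:01:31.0869 5204  ssmdrv - ok
01:01:32.0036 5204  StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
01:01:32.0066 5204  StarOpen ( UnsignedFile.Multi.Generic ) - warning
01:01:32.0066 5204  StarOpen - detected UnsignedFile.Multi.Generic (1)
01:01:41.0391 5204  MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:01:41.0921 5204  \Device\Harddisk0\DR0 - ok
01:01:41.0980 5204  Scan finished
01:01:41.0991 0932  Detected object count: 1
01:02:36.0077 0932  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:36.0077 0932  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']}: {f['verdict']} md5={f['md5']} path={f['path']}")
        print("  statuses:", "; ".join(f["statuses"]))
```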

Alt 08.01.2012, 00:10   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Good morning (yawn)

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 08.01.2012, 00:47   #9
Julia777
 
Hmm, well, good morning Arne!

Here is the logfile (ComboFix):

Code:
ComboFix 12-01-07.02 - Privat 08.01.2012   1:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1631 [GMT 1:00]
ausgeführt von:: c:\users\Privat\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Uni\AppData\Local\Microsoft\Windows\Temporary Internet Files\mxfilerelatedcache.mxc2
c:\users\Uni\Favorites\mxfilerelatedcache.mxc2
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-08 bis 2012-01-08  ))))))))))))))))))))))))))))))
.
.
2012-01-08 00:34 . 2012-01-08 00:34	--------	d-----w-	c:\users\Uni\AppData\Local\temp
2012-01-08 00:34 . 2012-01-08 00:34	--------	d-----w-	c:\users\Privat\AppData\Local\temp
2012-01-08 00:34 . 2012-01-08 00:34	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-01-08 00:34 . 2012-01-08 00:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-07 23:45 . 2012-01-07 23:45	--------	d-----w-	c:\users\Privat\AppData\Roaming\TuneUp Software
2012-01-07 23:44 . 2012-01-07 23:58	--------	d-----w-	c:\programdata\TuneUp Software
2012-01-07 23:44 . 2012-01-07 23:44	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-01-07 16:26 . 2012-01-07 16:26	--------	d-----w-	c:\program files\ESET
2012-01-07 14:00 . 2012-01-07 14:00	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F7C6203-2E62-483E-B92C-3780A2CD6B9F}\offreg.dll
2012-01-06 07:39 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F7C6203-2E62-483E-B92C-3780A2CD6B9F}\mpengine.dll
2011-12-25 19:21 . 2011-12-25 19:21	--------	d-----w-	c:\users\Uni\AppData\Roaming\Cornelsen
2011-12-15 05:53 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-15 05:53 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-15 05:53 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-15 05:53 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-15 05:53 . 2011-11-08 12:10	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 05:53 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-09-18 11:18	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\PSI-Update Meldungen\psi_tray.exe [2011-4-19 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2011-12-24 16:50	981680	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-12-24 16:50	981680	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24	581632	----a-w-	c:\program files\Toshiba\Toshiba Online Product Information\TOPI.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 51922813
*Deregistered* - 51922813
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-04 08:27]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-04 08:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\afed1i93.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ITSecMng - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\users\Privat\Desktop\SASSEH.DLL
Notify-!SASWinLogon - c:\users\Privat\Desktop\SASWINLO.DLL
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-08 01:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-01-08  01:36:30
ComboFix-quarantined-files.txt  2012-01-08 00:36
ComboFix2.txt  2011-08-17 18:00
.
Vor Suchlauf: 1.922.949.120 Bytes frei
Nach Suchlauf: 2.565.943.296 Bytes frei
.
- - End Of File - - 2DE0D8F0A94E9EC1FB938ACCE6EE1BF2
         
Greetings, and a fresh coffee for you, Julia

Alt 08.01.2012, 00:55   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Thanks for the but I'd rather finish my first


OK. Now please create and post logs with GMER and OSAM.
GMER crashes quite often; if the tool won't run the second time either, just leave it out and only run OSAM - please skip OSAM's online query.
With OSAM, also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.


08.01.2012, 01:46   #11
Julia777

Hello Arne,

Hmmm. Well, GMER made my computer crash.

So I'm not really sure whether this is right:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-01-08 02:21:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
Running: 8ygrxmml.exe; Driver: C:\Users\Privat\AppData\Local\Temp\pgldqpod.sys


---- Devices - GMER 1.0.15 ----


AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
Now I have problems with OSAM. It simply won't unpack (7-Zip Console, Igor Pavlov). A window flashes up for a fraction of a second and is gone again. Hmm.
But I'd rather not download just any unpacking program. So I'd rather ask here. (Maybe I'm just too dumb or too tired...)

Best regards, Juli

Edit: I admire that you can still think so actively at night, but I have to go to bed. My head already drops onto the desk at regular intervals. Good night and hopefully see you tomorrow (i.e. soon :-).

Edited by Julia777 (08.01.2012 at 02:01)

08.01.2012, 12:29   #12
Julia777

Hi, Arne!

So, managed it after all:

OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:24:17 on 08.01.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.25

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Privat\AppData\Local\Temp\catchme.sys  (File not found)
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"Tosrfcom" (Tosrfcom) - ? - C:\Windows\system32\drivers\Tosrfcom.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home  (HTTP value)
"eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4  (HTTP value)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files\PSI-Update Meldungen\psi_tray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
"Google EULA Launcher" - " " - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"HDMICtrlMan" - "TOSHIBA Corporation." - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
"HSON" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NDSTray.exe" - ? - NDSTray.exe  (File not found)
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Toshiba Registration" - "Toshiba" - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
"Toshiba TEMPO" - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMSAccess" (NMSAccess) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Notebook Performance Tuning Service " (TempoMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\PSI-Update Meldungen\PSIA.exe
"SmartFaceVWatchSrv" (SmartFaceVWatchSrv) - "Toshiba" - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - ? - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe  (File not found)
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Now just the last program.... Back in a bit
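As an added example (not code from this thread, from OSAM or from the Trojaner-Board helpers): a small Python parser for the OSAM report format posted above that applies the kind of triage a helper does by eye. It separates stale "File not found" leftovers from entries whose file exists but carries no publisher information, and flags anything that autostarts from a Temp directory. The triage rules and the TEMP_DIRS list are my assumptions; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# OSAM entry line: [{CLSID}] "Name" [(Key)] - "Publisher"|? - Path  [(annotation)] [/ url]
ENTRY_RE = re.compile(
    r'^\s*(?:\{[0-9A-Fa-f-]+\}\s+)?'          # optional CLSID prefix (Explorer / IE sections)
    r'"(?P<name>.*?)"(?=\s+(?:\(|-\s))'       # display name (may itself contain quotes)
    r'(?:\s+\((?P<key>[^)]*)\))?'             # optional service/driver key
    r'\s+-\s+(?P<pub>"[^"]*"|\?)\s+-\s*'      # publisher: quoted string or a bare ?
    r'(?P<rest>.*)$'
)
# Trailing "(annotation)" such as "(File not found)", optionally followed by "/ url".
NOTE_RE = re.compile(r'^(?P<path>.*?)\s*\((?P<note>[^()]*)\)(?:\s*/\s*\S+)?\s*$')
SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]\s*$')          # e.g. [Drivers]
LOCATION_RE = re.compile(r'^-----\(\s*(?P<loc>.*?)\s*\)-----$')   # e.g. -----( HKLM\... )-----

# Assumed rule: an autostart that lives in a temp directory deserves a look.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Entry:
    section: str
    location: str
    name: str
    key: str
    publisher: str
    path: str
    note: str
    reasons: list = field(default_factory=list)


def parse_osam(text: str) -> list:
    """Turn an OSAM report into Entry objects, remembering section and registry location."""
    section, location, entries = "", "", []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group("section")
            continue
        if m := LOCATION_RE.match(line):
            location = m.group("loc")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                           # report header, scanner settings, blank lines
        rest = m.group("rest").strip()
        n = NOTE_RE.match(rest)
        path, note = (n.group("path").strip(), n.group("note").strip()) if n else (rest, "")
        entries.append(Entry(section, location, m.group("name"), m.group("key") or "",
                             m.group("pub").strip('"').strip(), path, note))
    return entries


def triage(entries: list) -> list:
    """Attach review reasons to every entry; return only those worth a human look."""
    review = []
    for e in entries:
        if "File not found" in e.note:
            e.reasons.append("file-missing")   # stale leftover of an uninstall, usually harmless
        elif e.publisher in ("", "?"):
            e.reasons.append("no-publisher")   # file is present but carries no vendor info
        if any(t in e.path.lower() for t in TEMP_DIRS):
            e.reasons.append("temp-dir")       # legitimate autostarts do not live in Temp
        if set(e.reasons) - {"file-missing"}:  # a missing file alone is not worth escalating
            review.append(e)
    return review


# Constructed sample: a handful of lines copied from the OSAM report posted above.
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\Users\Privat\AppData\Local\Temp\catchme.sys  (File not found)
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys  (File not found)

[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Google EULA Launcher" - " " - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"NDSTray.exe" - ? - NDSTray.exe  (File not found)
"""

if __name__ == "__main__":
    for e in triage(parse_osam(SAMPLE_LOG)):
        print(f"[{e.section}] {e.name!r:30} {', '.join(e.reasons):25} {e.path}")
```

On the sample the three entries that come back are the unsigned atksgt driver, the catchme driver registered from Temp, and the Google EULA launcher with an empty publisher field; in this thread the helper judged the full log clean, which is the kind of verdict this pre-filter is meant to speed up, not replace.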

08.01.2012, 12:49   #13
Julia777

and here is the aswMBR.txt file as well:

Quote:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-08 13:32:04
-----------------------------
13:32:04.322 OS Version: Windows 6.0.6002 Service Pack 2
13:32:04.322 Number of processors: 2 586 0x1706
13:32:04.322 ComputerName: CORINNA UserName: Privat
13:32:34.664 Initialize success
13:34:38.361 AVAST engine defs: 12010800
13:34:58.454 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:34:58.454 Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
13:34:58.485 Disk 0 MBR read successfully
13:34:58.485 Disk 0 MBR scan
13:34:58.516 Disk 0 Windows VISTA default MBR code
13:34:58.532 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:34:58.563 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119078 MB offset 3074048
13:34:58.579 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 117895 MB offset 246945792
13:34:58.579 Disk 0 scanning sectors +488394752
13:34:58.657 Disk 0 scanning C:\Windows\system32\drivers
13:35:09.312 Service scanning
13:35:10.622 Modules scanning
13:35:16.956 Disk 0 trace - called modules:
13:35:16.971 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:35:16.971 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86421928]
13:35:16.971 3 CLASSPNP.SYS[8a97b8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85efd028]
13:35:17.533 AVAST engine scan C:\Windows
13:35:21.526 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
13:35:23.040 AVAST engine scan C:\Windows\system32
13:37:44.454 AVAST engine scan C:\Windows\system32\drivers
13:37:54.500 AVAST engine scan C:\Users\Privat
13:41:37.424 AVAST engine scan C:\ProgramData
13:42:46.594 Scan finished successfully
13:46:18.567 Disk 0 MBR has been saved successfully to "C:\Users\Privat\Desktop\MBR.dat"
13:46:18.583 The log file has been saved successfully to "C:\Users\Privat\Desktop\aswMBR.txt"


Best regards, Juli

08.01.2012, 19:38   #14
cosinus
/// Trigonometric function
/// TB-Süch-Tiger™

Quote:
C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
That's a false alarm. PEV was copied there by Combofix.

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting a second opinion via the ESET OnlineScanner isn't a bad idea either:


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


09.01.2012, 11:03   #15
Julia777

Hello Arne,

here is the new logfile from Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.08.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Privat :: CORINNA [Administrator]

08.01.2012 21:04:48
mbam-log-2012-01-08 (21-04-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382119
Laufzeit: 1 Stunde(n), 55 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
and SUPERAntiSpyware:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/09/2012 at 02:02 AM

Application Version : 5.0.1142

Core Rules Database Version : 8112
Trace Rules Database Version: 5924

Scan type       : Complete Scan
Total Scan Time : 02:10:35

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 801
Memory threats detected   : 0
Registry items scanned    : 36997
Registry threats detected : 0
File items scanned        : 223093
File threats detected     : 90

Adware.Tracking Cookie
	C:\USERS\UNI\AppData\Roaming\Microsoft\Windows\Cookies\XG83LI7A.txt [ Cookie:uni@atdmt.com/ ]
	C:\USERS\UNI\Cookies\XG83LI7A.txt [ Cookie:uni@atdmt.com/ ]
	ad.yieldmanager.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	www.mediamarkt.de [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.olympiaverlag.122.2o7.net [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PRIVAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFED1I93.DEFAULT\COOKIES.SQLITE ]
	a.banner.t-online.de [ C:\USERS\UNI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VL6GW87A ]
	adserv.quality-channel.de [ C:\USERS\UNI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VL6GW87A ]
	aka-cdn-ns.adtech.de [ C:\USERS\UNI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VL6GW87A ]
	cdn.eyewonder.com [ C:\USERS\UNI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VL6GW87A ]
	de.partypoker.com [ C:\USERS\UNI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VL6GW87A ]
	delivery.ibanner.de [ C:\USERS\UNI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VL6GW87A ]
	ia.media-imdb.com [ C:\USERS\UNI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VL6GW87A ]
	imagesrv.adition.com [ C:\USERS\UNI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VL6GW87A ]
	s0.2mdn.net [ C:\USERS\UNI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VL6GW87A ]
         
I'm running the last program now.
See you later.

Best wishes from Juli
