Pests of all kinds and how to fight them: gema-trojaner (100 euro-version) win xp

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

#1
gema-trojaner (100 euro-version) win xp

Hello, for a few days I have also had the GEMA trojan, which blocks access to Win XP. Booting into Safe Mode does not work: a blue screen flashes up for a very brief moment before the machine restarts. Following this case, I have already downloaded OTLPENet.exe, booted from it and let the scan run. Here is the OTL.txt log file:
Code:
OTL logfile created on: 3/5/2012 1:25:30 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18.62 Gb Total Space | 1.41 Gb Free Space | 7.55% Space Free | Partition Type: NTFS
Drive D: | 18.63 Gb Total Space | 5.47 Gb Free Space | 29.36% Space Free | Partition Type: NTFS
Drive F: | 999.63 Mb Total Space | 855.06 Mb Free Space | 85.54% Space Free | Partition Type: FAT
Drive G: | 3.78 Gb Total Space | 1.90 Gb Free Space | 50.08% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
========== Win32 Services (SafeList) ==========
SRV - [2012/01/04 07:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/03/18 04:06:49 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2010/04/27 09:57:32 | 000,247,152 | ---- | M] () [Auto] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/04/07 07:57:42 | 000,099,896 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/04/24 07:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/10/26 13:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Adapter | On_Demand] -- -- (Mvhel3esepcw)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (appliandMP)
DRV - File not found [Kernel | On_Demand] -- -- (AgereSoftModem)
DRV - [2012/01/14 10:58:54 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/11/01 04:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 04:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 04:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 04:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/03/15 06:51:03 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/05 18:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010/01/05 04:31:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/05 04:31:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/05 04:31:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/05 04:31:30 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/28 08:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/03/18 10:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/03/17 11:45:52 | 000,019,584 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/12 21:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2008/02/11 10:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/12/14 03:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/08/28 09:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/06/18 10:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/18 07:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/09 07:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2007/01/22 07:09:38 | 000,034,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wisdpen.sys -- (wisdpen)
DRV - [2006/02/27 10:45:48 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/27 10:43:36 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/02/27 10:43:06 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/27 10:40:16 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/10/26 04:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/19 08:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/05/09 14:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2003/07/08 12:49:24 | 000,514,155 | ---- | M] (Digital Camera) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Ca536av.sys -- (Ca536av)
DRV - [2003/05/13 18:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera)
DRV - [2001/08/17 22:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\flo_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\flo_ON_C\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\flo_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.1.0.0"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.1.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.Net\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\DOKUME~1\flo\ANWEND~1\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Programme\1&1\1&1 SoftPhone\Firefox [2011/03/16 07:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/02/18 06:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/02/11 16:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/29 04:24:00 | 000,000,000 | ---D | M]
[2011/03/15 06:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Extensions
[2012/03/01 14:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions
[2011/11/22 18:59:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/13 10:57:21 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/11 16:26:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/01 14:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\staged
[2011/03/15 18:29:10 | 000,002,062 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\searchplugins\qip-search.xml
[2011/12/25 19:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/02/18 06:08:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/06/19 16:47:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/23 08:41:48 | 002,557,440 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFp530.dll
[2009/09/21 05:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv522.dll
[2011/09/23 08:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv530.dll
[2012/01/12 16:38:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/12 16:38:34 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/01/12 16:38:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/12 16:38:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/12 16:38:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/12 16:38:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\flo_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKU\flo_ON_C\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TabletTip] C:\Programme\Gemeinsame Dateien\microsoft shared\ink\tabtip.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UIExec] C:\Programme\Join Air\UIExec.exe ()
O4 - HKU\flo_ON_C..\Run: [] File not found
O4 - HKU\LocalService_ON_C..\Run: [TabletWizard] File not found
O4 - HKU\NetworkService_ON_C..\Run: [TabletWizard] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\cd-laufwerk.lnk = C:\map.bat ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\Programme\4.0M MPEG4 DV\Console\Watch.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sfklg.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe) - C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe (Unizeto Sp. z o.o.)
O20 - Winlogon\Notify\loginkey: DllName - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/14 19:12:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell - "" = AutoRun
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell - "" = AutoRun
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9180a4e3-de0a-11e0-a065-0016d498d8af}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
O33 - MountPoints2\{ba2d366a-6dc5-11e0-9ebf-0018debd900d}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\AutoRun\command - "" = IO90453\JJU294\fuiahjdfu.exe
O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\open\command - "" = IO90453\JJU294\fuiahjdfu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E30AC7CA-ED4A-48A8-A539-A711A256B163} - Vektorgrafik-Rendering (VML)
ActiveX: {E55010A4-6F00-201C-B8B3-80AE9A1744D6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
========== Files/Folders - Created Within 30 Days ==========
[2012/03/01 09:46:47 | 000,039,424 | -H-- | C] (Unizeto Sp. z o.o.) -- C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe
[2012/02/29 04:57:46 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Nokia Suite
[2012/02/29 04:41:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite
[2012/02/29 04:40:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\NokiaAccount
[2012/02/29 04:37:18 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/02/29 04:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Nokia
[2012/02/29 04:24:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia
[2012/02/29 04:24:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012/02/29 04:24:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite
[2012/02/29 04:24:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia
[2012/02/29 04:23:58 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nokia
[2012/02/29 04:23:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2012/02/28 07:18:11 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012/02/28 06:40:45 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012/02/28 06:40:32 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2012/02/28 06:40:13 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2012/02/28 06:40:12 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2012/02/28 06:40:11 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2012/02/28 06:40:10 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2012/02/28 06:40:10 | 000,605,696 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2012/02/28 06:40:10 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2012/02/28 06:40:10 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2012/02/28 06:40:09 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2012/02/28 06:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012/02/28 06:35:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2012/02/28 06:35:23 | 000,000,000 | ---D | C] -- C:\Programme\Nokia
[2012/02/14 06:30:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012/02/11 16:23:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast
[2012/02/11 05:31:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012/02/11 05:29:17 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012/02/11 05:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Karaoke Anything!
[2012/02/11 05:29:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Anything!
[2012/02/11 05:27:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sibelius Software
[2012/02/11 05:27:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sibelius Software
[2012/02/10 07:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sibelius Software
[2012/02/10 07:02:59 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Scores
[2012/02/10 06:59:18 | 000,000,000 | ---D | C] -- C:\Programme\Sibelius Software
[2011/04/02 11:11:02 | 000,818,176 | ---- | C] (Image-Line) -- C:\Programme\Kopie von FL Studio VSTi.dll
[2011/03/16 07:36:36 | 000,092,064 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmmdm.sys
[2011/03/16 07:36:36 | 000,079,328 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmserd.sys
[2011/03/16 07:36:36 | 000,066,656 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmbus.sys
[2011/03/16 07:36:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\flo\usbsermptxp.sys
[2011/03/16 07:36:36 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\flo\usbsermpt.sys
[2011/03/16 07:36:36 | 000,009,232 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmmdfl.sys
[2011/03/16 07:36:36 | 000,006,208 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmcmnt.sys
[2011/03/16 07:36:36 | 000,005,936 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmwhnt.sys
[2011/03/16 07:36:36 | 000,004,048 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmcr.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/05 07:04:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/05 07:04:12 | 000,449,334 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/03/05 07:04:12 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/05 07:04:12 | 000,080,302 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/03/05 07:04:12 | 000,067,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/05 07:03:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/05 07:03:38 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/03 04:28:11 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 15:29:55 | 000,020,180 | ---- | M] () -- C:\WINDOWS\System32\sfklg.dat
[2012/03/01 13:31:52 | 000,002,507 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office OneNote 2007.lnk
[2012/03/01 13:08:34 | 000,000,536 | ---- | M] () -- C:\WINDOWS\Sam9_D.INI
[2012/03/01 09:46:47 | 000,039,424 | -H-- | M] (Unizeto Sp. z o.o.) -- C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe
[2012/03/01 08:03:34 | 000,186,368 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 06:51:43 | 000,002,555 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/02/29 04:37:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/02/29 04:37:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/02/29 04:31:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/02/29 04:31:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/29 04:31:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/02/29 04:24:21 | 000,001,717 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk
[2012/02/29 04:24:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia
[2012/02/28 16:37:17 | 000,001,014 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Desktop\Dropbox.lnk
[2012/02/28 11:39:27 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/28 07:53:30 | 000,002,527 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/02/28 06:38:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/02/28 06:37:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/02/23 13:44:58 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[2012/02/19 21:27:58 | 000,002,439 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Power Tab Editor 1.7.lnk
[2012/02/19 10:01:47 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012/02/11 16:45:10 | 000,002,292 | ---- | M] () -- C:\WINDOWS\unins002.dat
[2012/02/11 16:45:08 | 000,715,038 | ---- | M] () -- C:\WINDOWS\unins002.exe
[2012/02/11 16:27:44 | 000,002,368 | ---- | M] () -- C:\WINDOWS\unins001.dat
[2012/02/11 16:27:42 | 000,715,038 | ---- | M] () -- C:\WINDOWS\unins001.exe
[2012/02/11 16:23:21 | 000,000,898 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2012/02/11 16:23:18 | 000,695,578 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2012/02/11 05:31:41 | 000,000,624 | -H-- | M] () -- C:\WINDOWS\System32\T4
[2012/02/11 05:29:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Karaoke Anything!
[2012/02/11 05:29:07 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012/02/11 05:27:27 | 000,000,604 | -H-- | M] () -- C:\Programme\STLL Notifier
[2012/02/10 16:52:30 | 000,002,563 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2012/02/10 15:40:10 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2012/02/10 15:40:10 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2012/02/10 15:40:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2012/02/10 15:40:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2012/02/10 15:40:10 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2012/02/10 15:40:10 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2012/02/10 15:40:10 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2012/02/10 15:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2012/02/10 15:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2012/02/10 15:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2012/02/10 15:40:10 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2012/02/10 07:03:12 | 000,000,444 | ---- | M] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012/02/10 07:02:59 | 000,001,786 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sibelius 6.lnk
[2012/02/10 07:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sibelius Software
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/03/01 09:47:16 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/02/29 04:37:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/02/29 04:37:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/02/29 04:31:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/02/29 04:31:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/02/29 04:24:21 | 000,001,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk
[2012/02/28 06:37:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/02/11 16:45:10 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins002.exe
[2012/02/11 16:45:10 | 000,002,292 | ---- | C] () -- C:\WINDOWS\unins002.dat
[2012/02/11 16:27:43 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2012/02/11 16:27:43 | 000,002,368 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2012/02/11 16:23:20 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012/02/11 16:23:20 | 000,000,898 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/02/11 05:31:41 | 000,000,624 | -H-- | C] () -- C:\WINDOWS\System32\T4
[2012/02/11 05:27:27 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier
[2012/02/10 07:02:59 | 000,001,786 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sibelius 6.lnk
[2012/02/10 06:59:03 | 000,000,444 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012/01/14 11:00:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2012/01/14 10:59:31 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2012/01/14 10:59:27 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2012/01/14 10:59:27 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2012/01/14 10:59:27 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2012/01/14 10:59:27 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2012/01/14 10:58:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/12/23 06:24:51 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/23 02:33:11 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/09/12 13:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/09/12 13:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/09/12 13:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/09/12 13:43:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/09/12 13:43:19 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/08/05 06:24:02 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini
[2011/07/28 12:23:36 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011/07/28 12:23:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011/07/28 12:23:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011/07/28 12:22:57 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011/07/18 10:14:01 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2011/04/11 14:56:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2011/04/06 10:01:20 | 000,030,461 | ---- | C] () -- C:\WINDOWS\snap099.dat
[2011/04/06 10:01:20 | 000,029,565 | ---- | C] () -- C:\WINDOWS\snap098.dat
[2011/04/06 10:01:20 | 000,028,669 | ---- | C] () -- C:\WINDOWS\snap097.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap095.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap094.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap093.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap090.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap089.dat
[2011/04/06 10:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap096.dat
[2011/04/06 10:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap092.dat
[2011/04/06 10:01:20 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap091.dat
[2011/04/06 10:01:19 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap088.dat
[2011/04/06 10:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap087.dat
[2011/04/06 10:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap086.dat
[2011/04/06 10:01:19 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap085.dat
[2011/04/06 10:01:19 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap084.dat
[2011/04/06 10:01:19 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap083.dat
[2011/04/06 10:01:19 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap082.dat
[2011/04/06 10:01:19 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap081.dat
[2011/04/06 10:01:19 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap080.dat
[2011/04/06 10:01:19 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap079.dat
[2011/04/06 10:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap078.dat
[2011/04/06 10:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap077.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap072.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap069.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap068.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap067.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap066.dat
[2011/04/06 10:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap073.dat
[2011/04/06 10:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap071.dat
[2011/04/06 10:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap070.dat
[2011/04/06 10:01:18 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap074.dat
[2011/04/06 10:01:18 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap075.dat
[2011/04/06 10:01:18 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap076.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap061.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap060.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap059.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap058.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap057.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap055.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap053.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap065.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap064.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap063.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap062.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap056.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap054.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap052.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap051.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap050.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap049.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap048.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap047.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap046.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap045.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap044.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap043.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap042.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap041.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap040.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap039.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap038.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap037.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap036.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap035.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap034.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap033.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap032.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap031.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap030.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap029.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap028.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap027.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap026.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap025.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap024.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap023.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap022.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap021.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap020.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap019.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap018.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap017.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap016.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap015.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap014.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap013.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap012.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap011.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap010.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap009.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap008.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap007.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap006.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap005.dat
[2011/04/06 10:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap004.dat
[2011/04/06 10:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap003.dat
[2011/04/06 10:00:30 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap002.dat
[2011/04/06 10:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap001.dat
[2011/04/06 10:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap000.dat
[2011/04/06 09:58:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2011/04/06 09:58:25 | 000,002,042 | ---- | C] () -- C:\WINDOWS\Ca536a.ini
[2011/03/23 13:39:32 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011/03/23 13:39:32 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2011/03/23 13:39:18 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/03/23 12:39:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2011/03/21 11:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kopie von musicmaker.INI
[2011/03/21 10:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musicmaker.INI
[2011/03/21 10:13:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2011/03/21 09:54:10 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2011/03/19 17:57:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/18 03:55:30 | 000,000,536 | ---- | C] () -- C:\WINDOWS\Sam9_D.INI
[2011/03/18 03:51:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011/03/18 03:51:19 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011/03/18 03:48:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/17 12:46:25 | 000,020,180 | ---- | C] () -- C:\WINDOWS\System32\sfklg.dat
[2011/03/16 07:36:36 | 000,009,913 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_MDM.INF
[2011/03/16 07:36:36 | 000,009,232 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_MOT_BRIT.INF
[2011/03/16 07:36:36 | 000,007,201 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USBMOT2000.INF
[2011/03/16 07:36:36 | 000,006,989 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_BUS.INF
[2011/03/16 07:36:36 | 000,006,141 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USBMOT2000XP.INF
[2011/03/16 07:36:36 | 000,005,960 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_MOT_A1000.INF
[2011/03/16 07:36:36 | 000,005,880 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_CMCS_2000.INF
[2011/03/16 07:36:36 | 000,004,477 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_SDM.INF
[2011/03/15 18:09:20 | 000,186,368 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/15 06:42:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/14 20:28:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/03/14 19:19:29 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011/03/14 19:14:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/14 19:04:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/14 18:41:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/14 18:40:35 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/01 03:48:16 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,449,334 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/02/28 07:00:00 | 000,433,130 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,080,302 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/02/28 07:00:00 | 000,067,704 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/27 10:51:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/03/06 01:06:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\sfklgcp.exe.vir
[2005/03/06 01:05:56 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sfklg.dll.vir
[2004/01/13 12:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2011/10/31 05:21:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater
[2011/10/17 12:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\.oit
[2011/06/09 10:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\1&1
[2012/01/21 08:54:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ASCOMP Software
[2011/07/21 05:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\avidemux
[2012/02/10 05:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Azureus
[2012/01/22 04:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DesktopIconForAmazon
[2011/07/02 14:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Downloadr
[2012/02/28 16:37:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox
[2011/10/31 05:41:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoft
[2011/10/31 05:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012/02/11 16:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast
[2011/07/22 03:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GARMIN
[2011/07/18 06:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GetRightToGo
[2011/03/15 18:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GrabPro
[2011/04/02 04:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze
[2011/03/21 11:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\MAGIX
[2012/02/29 04:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia
[2012/02/29 04:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite
[2011/11/26 06:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Opera
[2012/02/28 08:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Orbit
[2012/02/29 04:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite
[2011/03/28 03:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PDF Writer
[2011/03/15 18:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ProgSense
[2011/03/15 18:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QIP
[2011/03/15 18:29:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QipGuard
[2011/07/21 11:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Vara Software
[2011/08/22 07:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Wirecast
[2011/06/09 10:02:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1
[2011/06/12 15:48:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Applian
[2011/03/21 16:47:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011/03/25 17:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN
[2011/03/22 16:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011/09/12 13:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Minnetonka Audio Software
[2012/02/29 04:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2012/02/28 06:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2012/02/29 04:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011/03/28 03:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2012/01/17 16:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stardraw.com Ltd
[2011/07/21 11:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Telestream
[2012/02/11 05:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011/04/11 14:56:50 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2011/03/14 19:19:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012/01/05 06:10:40 | 000,000,000 | ---D | M] -- C:\downloads
[2011/03/15 17:57:40 | 000,000,000 | ---D | M] -- C:\Garmin
[2011/03/14 20:27:57 | 000,000,000 | ---D | M] -- C:\Intel
[2011/03/15 07:34:45 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/05/27 01:09:38 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/02/28 07:18:11 | 000,000,000 | R--D | M] -- C:\Programme
[2011/03/14 19:39:39 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/04/21 06:03:15 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012/03/01 18:15:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/03/14 21:03:24 | 000,000,000 | ---D | M] -- C:\Temp
[2012/03/05 07:03:40 | 000,000,000 | ---D | M] -- C:\WINDOWS
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2006/02/28 07:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006/02/28 07:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2006/02/28 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006/02/28 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006/02/28 07:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2011/03/14 19:39:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/03/14 19:39:49 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/03/14 19:39:49 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 12:46:10 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/13 21:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 21:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2010/04/16 11:06:44 | 001,509,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 14:00:59 | 008,502,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD
< End of report >
thanks in advance + regards, flo.
#2
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix via OTLPE: start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\flo_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\flo_ON_C\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\flo_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.1.0.0"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.1.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKU\flo_ON_C..\Run: [] File not found
O4 - HKU\LocalService_ON_C..\Run: [TabletWizard] File not found
O4 - HKU\NetworkService_ON_C..\Run: [TabletWizard] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\cd-laufwerk.lnk = C:\map.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe) - C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe (Unizeto Sp. z o.o.)
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/14 19:12:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell - "" = AutoRun
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell - "" = AutoRun
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9180a4e3-de0a-11e0-a065-0016d498d8af}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
O33 - MountPoints2\{ba2d366a-6dc5-11e0-9ebf-0018debd900d}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\AutoRun\command - "" = IO90453\JJU294\fuiahjdfu.exe
O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\open\command - "" = IO90453\JJU294\fuiahjdfu.exe
[2012/03/01 09:46:47 | 000,039,424 | -H-- | C] (Unizeto Sp. z o.o.) -- C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD
:Files
C:\WINDOWS\System32\winsh3??
:Commands
[resethosts]
The logfile should open once you click OK after the fix; please post it. The machine may be restarted. The entries, files and folders fixed by this script are not deleted outright, as a precaution; a backup copy is created on the system partition in the folder "_OTL". Note: the script above was written for this one user in this one situation only. It cannot be ported to any other machine and must not be used elsewhere, as it can permanently damage the system! Afterwards Windows should start normally again - please make OTL's quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it worked
5.) Only then turn the virus scanner back on
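The fix script above is essentially a list of indicators read off the OTL log: a Winlogon UserInit value pointing at an unknown executable in system32, Image File Execution Options "Debugger" entries that hijack taskmgr/regedit/msconfig, policy values that disable Task Manager and regedit, a system proxy pointing at an outside address, and (in the first log) the MD5 comparison of live system files against their Service Pack backup copies. As an added example, not code from this thread, from OTL or from trojaner-board, the following Python reproduces those checks over OTL log lines. The line grammar is inferred from the excerpts posted in this thread; the sample lines are copied from those excerpts except the one marked CONSTRUCTED, which fakes a hash mismatch so the last check has something to report.

```python
"""Re-implementation of the OTL triage checks applied in the fix script above.

Added example (not from the thread, OTL or trojaner-board). Grammar of the OTL
lines inferred from the excerpts in this thread; sample lines copied from them
except the one marked CONSTRUCTED.
"""
import re
from typing import Dict, List

EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
LOCKOUT_POLICIES = {"disabletaskmgr", "disableregedit", "disableregistrytools"}
RECOVERY_TOOLS = {"taskmgr.exe", "regedit.exe", "msconfig.exe"}

RE_USERINIT = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<path>[^)]*)\)", re.I)
RE_IFEO = re.compile(r"^O27 - HKLM IFEO\\(?P<tool>[^:]+): Debugger - (?P<dbg>.+)$", re.I)
RE_POLICY = re.compile(r"^O[67] - .*\\policies\\System: (?P<name>\w+) = (?P<val>\d+)", re.I)
RE_PROXY = re.compile(r'^IE - .*Internet Settings: "ProxyServer" = (?P<proxy>\S+)', re.I)
RE_MD5_HDR = re.compile(r"^< MD5 for: (?P<name>\S+) >", re.I)
RE_MD5_ROW = re.compile(r"MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$", re.I)


def is_private_ip(host: str) -> bool:
    """True for RFC 1918 and loopback dotted quads; hostnames and other IPs count as external."""
    m = re.match(r"^(\d+)\.(\d+)\.\d+\.\d+$", host)
    if not m:
        return False
    a, b = int(m.group(1)), int(m.group(2))
    return a in (10, 127) or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def triage_otl(lines: List[str]) -> List[str]:
    """Return one human-readable finding per suspicious OTL line or hash mismatch."""
    findings: List[str] = []
    current = ""                                   # file name of the open "< MD5 for: >" block
    md5_by_file: Dict[str, Dict[str, str]] = {}    # file name -> {lowercased path: MD5}

    for raw in lines:
        line = raw.strip()
        if m := RE_USERINIT.match(line):
            # Winlogon\UserInit must name userinit.exe only; a trailing comma is normal.
            if m.group("path").strip().rstrip(",").lower() != EXPECTED_USERINIT:
                findings.append(f"UserInit hijacked: {m.group('path')}")
        elif m := RE_IFEO.match(line):
            # An IFEO Debugger value launches that binary *instead of* the named tool.
            if m.group("tool").lower() in RECOVERY_TOOLS:
                findings.append(f"IFEO debugger on {m.group('tool')}: {m.group('dbg')}")
        elif m := RE_POLICY.match(line):
            if m.group("name").lower() in LOCKOUT_POLICIES and m.group("val") != "0":
                findings.append(f"Lockout policy set: {m.group('name')}={m.group('val')}")
        elif m := RE_PROXY.match(line):
            host = m.group("proxy").rsplit(":", 1)[0]
            if host.lower() != "localhost" and not is_private_ip(host):
                findings.append(f"System proxy points off-network: {m.group('proxy')}")
        elif m := RE_MD5_HDR.match(line):
            current = m.group("name").lower()
            md5_by_file.setdefault(current, {})
        elif current and (m := RE_MD5_ROW.search(line)):
            md5_by_file[current][m.group("path").lower()] = m.group("md5").upper()

    # Live copies (system32, system32\drivers) should hash like the Service Pack backup.
    for name, copies in md5_by_file.items():
        backup = [h for p, h in copies.items() if p.endswith("\\servicepackfiles\\i386\\" + name)]
        for path, digest in copies.items():
            is_live = path.endswith("\\system32\\" + name) or path.endswith("\\system32\\drivers\\" + name)
            if is_live and backup and digest != backup[0]:
                findings.append(f"{name}: live copy {path} differs from Service Pack copy")
    return findings


# Sample input: lines copied from the OTL excerpts in this thread, plus one CONSTRUCTED row.
SAMPLE_LINES = [
    r'IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80',
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1",
    r"O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe) - C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe (Unizeto Sp. z o.o.)",
    r"O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found",
    "< MD5 for: WINLOGON.EXE >",   # both copies match -> no finding
    r"[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe",
    r"[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe",
    "< MD5 for: USERINIT.EXE >",
    r"[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe",
    # CONSTRUCTED: a live userinit.exe whose hash no longer matches the backup copy.
    r"[2012/03/01 09:46:47 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe",
]

if __name__ == "__main__":
    for finding in triage_otl(SAMPLE_LINES):
        print(finding)
```

Run it against a saved OTL.txt with `triage_otl(open(path, encoding="utf-8", errors="replace").read().splitlines())`. The hash check only says that a live file differs from its Service Pack copy; a hotfix can legitimately cause that (the `$hf_mig$` copies of netlogon.dll in the first log carry a different MD5 for exactly that reason), so a mismatch is a lead to verify against a known-good hash, not a verdict.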
#3
ok, fixed it - here's the log:
Code:
========== OTL ==========
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\flo_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\flo_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry value HKEY_USERS\flo_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Programme\Vuze_Remote\prxtbVuz0.dll moved successfully.
HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=937811&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" removed from keyword.URL
Prefs.js: "10.1.0.0" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "10.1.0.0" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "10.1.0.0" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "192.168.1.1" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "192.168.1.1" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "192.168.1.1" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "192.168.1.1" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
File C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\prxtbVuz0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\prxtbVuz0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\H2O deleted successfully.
C:\Programme\Syncrosoft\POS\H2O\cledx.exe moved successfully.
Registry value HKEY_USERS\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\TabletWizard deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\TabletWizard deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\cd-laufwerk.lnk moved successfully.
C:\map.bat moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
Registry value HKEY_USERS\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe deleted successfully.
C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ not found.
File F:\SISetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9180a4e3-de0a-11e0-a065-0016d498d8af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9180a4e3-de0a-11e0-a065-0016d498d8af}\ not found.
File F:\RunClubSanDisk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba2d366a-6dc5-11e0-9ebf-0018debd900d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba2d366a-6dc5-11e0-9ebf-0018debd900d}\ not found.
File F:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\ not found.
File IO90453\JJU294\fuiahjdfu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\ not found.
File IO90453\JJU294\fuiahjdfu.exe not found.
File C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\winsh320 moved successfully.
C:\WINDOWS\System32\winsh321 moved successfully.
C:\WINDOWS\System32\winsh322 moved successfully.
C:\WINDOWS\System32\winsh323 moved successfully.
C:\WINDOWS\System32\winsh324 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTLPE by OldTimer - Version 3.1.48.0 log created on 03052012_234830
#4
did the upload work? anyway, I can access win xp again, no problems so far - a big thank you! and all that. =) flo.
#5
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, it arrived, thanks. Now please run a full scan with Malwarebytes as a routine step and post the log. Remember that Malwarebytes has to be updated manually before every scan! All findings must be removed as well. If there are logs from older Malwarebytes scans, please post all of those too! ESET Online Scanner
Please post everything here in CODE tags if possible. It's done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
Please always post logfiles in CODE tags
#6
malwarebytes log: Code:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.06.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
flo :: FLOPTOP [Administrator]

Protection: Enabled

06.03.2012 13:34:58
mbam-log-2012-03-06 (13-34-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330619
Time elapsed: 3 hour(s), 22 minute(s), 37 second(s)

Memory Processes Detected: 1
C:\Programme\rkfree\rkfree.exe (Keylogger.Logixoft) -> 1036 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rkfree (Keylogger.Logixoft) -> Data: C:\Programme\rkfree\rkfree.exe /b -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Programme\rkfree\rkfree.exe (Keylogger.Logixoft) -> Delete on reboot.
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\166C269CE0A0CC5902B0.exe (Trojan.Zbot.USZ) -> Quarantined and deleted successfully.
C:\Programme\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052012_234830\C_WINDOWS\system32\E13521A1E0A0CC59F69D.exe (Trojan.Zbot.USZ) -> Quarantined and deleted successfully.
D:\downloads\rkfree_setup.exe (Keylogger.Logixoft) -> Quarantined and deleted successfully.

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0184e7fd704fa4999bc1551fda0cc52
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-14 12:56:36
# local_time=2012-02-14 01:56:36 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 4623 4623 0 0
# scanned=177622
# found=0
# cleaned=0
# scan_time=4151
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0184e7fd704fa4999bc1551fda0cc52
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-06 11:35:10
# local_time=2012-03-07 12:35:10 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 1856589 1856589 0 0
# scanned=156795
# found=3
# cleaned=0
# scan_time=4899
C:\_OTL.zip a variant of Win32/Kryptik.ABSQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8\641dc908-24415f8b Java/Exploit.CVE-2011-3544.AW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\Inc.class Java/Exploit.CVE-2011-3544.AW trojan (unable to clean) 00000000000000000000000000000000 I
#7
/// Winkelfunktion /// TB-Süch-Tiger™ | Please make a new OTL log. Please post everything here in CODE tags if possible. It's done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
#8
Code:
OTL logfile created on: 07.03.2012 11:43:54 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = D:\downloads
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,50% Memory free
3,84 Gb Paging File | 3,44 Gb Available in Paging File | 89,65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18,62 Gb Total Space | 0,76 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive D: | 18,63 Gb Total Space | 5,79 Gb Free Space | 31,10% Space Free | Partition Type: NTFS
Drive M: | 3,78 Gb Total Space | 2,01 Gb Free Space | 53,06% Space Free | Partition Type: FAT32

Computer Name: FLOPTOP | User Name: flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.07 11:42:34 | 000,584,704 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.04.27 16:06:02 | 000,138,072 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe
PRC - [2010.04.27 15:57:32 | 000,247,152 | ---- | M] () -- C:\Programme\Join Air\AssistantServices.exe
PRC - [2010.04.07 13:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008.04.24 13:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008.04.14 03:23:03 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\tcserver.exe
PRC - [2008.04.14 03:23:02 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\tabtip.exe
PRC - [2008.04.14 03:22:50 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\keyboardsurrogate.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.02.27 17:02:06 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2003.12.16 17:48:16 | 000,208,896 | ---- | M] () -- C:\Programme\4.0M MPEG4 DV\Console\Watch.exe

========== Modules (No Company Name) ==========

MOD - [2011.10.30 21:29:32 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2011.10.30 21:29:26 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
MOD - [2011.10.30 17:13:17 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2011.10.30 17:13:11 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2011.10.30 17:13:00 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2011.10.30 17:11:14 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2011.10.30 17:11:05 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2011.03.20 00:01:37 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll
MOD - [2011.03.20 00:00:01 | 001,855,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_b3550d4c\system.dll
MOD - [2011.03.19 23:59:58 | 003,301,376 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_6bdbd301\mscorlib.dll
MOD - [2011.03.19 23:59:42 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll
MOD - [2011.03.19 23:59:41 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll
MOD - [2011.03.19 23:59:41 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll
MOD - [2011.03.15 01:05:57 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll
MOD - [2011.03.15 01:05:39 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.3300.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.27 16:06:02 | 000,138,072 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe
MOD - [2010.04.27 15:57:32 | 000,247,152 | ---- | M] () -- C:\Programme\Join Air\AssistantServices.exe
MOD - [2010.03.04 15:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010.03.04 15:55:14
| 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2006.02.27 17:03:28 | 000,053,248 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2003.12.16 17:48:16 | 000,208,896 | ---- | M] () -- C:\Programme\4.0M MPEG4 DV\Console\Watch.exe ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.03.18 10:06:49 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2010.04.27 15:57:32 | 000,247,152 | ---- | M] () [Auto | Running] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.07 13:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService) SRV - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License) SRV - [2008.04.24 13:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms) SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Mvhel3esepcw) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (appliandMP) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (al55mvok) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AgereSoftModem) DRV - [2012.01.14 16:58:54 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.11.01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.03.15 12:51:03 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.03.06 00:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews) DRV - [2010.01.05 10:31:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010.01.05 10:31:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.01.05 10:31:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010.01.05 10:31:30 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.28 14:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008.03.18 16:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008.03.17 17:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX) DRV - [2008.03.13 03:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2008.02.11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2007.12.14 09:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007.06.18 13:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2007.05.09 13:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21) DRV - [2007.01.22 13:09:38 | 000,034,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wisdpen.sys -- (wisdpen) DRV - [2006.02.27 16:45:48 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006.02.27 16:43:36 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2006.02.27 16:43:06 | 000,057,096 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006.02.27 16:40:16 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2005.10.26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005.09.19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX) DRV - [2003.07.08 18:49:24 | 000,514,155 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca536av.sys -- (Ca536av) DRV - [2003.05.14 00:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie IE - 
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.param.yahoo-fr: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2 FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0" FF - prefs.js..network.proxy.backup.ftp_port: "" FF - prefs.js..network.proxy.backup.socks: "" FF - 
prefs.js..network.proxy.backup.socks_port: "" FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: "" FF - prefs.js..network.proxy.ftp: "10.1.0.0" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "10.1.0.0" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 10.3.0.64, 10.1.0.0/8080" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "10.1.0.0" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "10.1.0.0" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\DOKUME~1\flo\ANWEND~1\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Programme\1&1\1&1 SoftPhone\Firefox [2011.03.16 13:01:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.18 12:08:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.11 22:45:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.29 10:24:00 | 000,000,000 | ---D | M] [2011.03.15 12:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Extensions [2012.03.06 00:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions [2011.11.23 00:59:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.01.13 16:57:21 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2012.03.06 00:35:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und 
Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.03.16 00:29:10 | 000,002,062 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\searchplugins\qip-search.xml [2012.03.06 00:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.06 00:16:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.02.18 12:08:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.06 00:16:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.09.23 14:41:48 | 002,557,440 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFp530.dll [2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv522.dll [2011.09.23 14:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv530.dll [2012.01.12 22:38:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.12 22:38:34 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.01.12 22:38:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.01.12 22:38:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.12 22:38:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.12 22:38:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.03.06 05:51:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found. 
O3 - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TabletTip] C:\Programme\Gemeinsame Dateien\microsoft shared\ink\tabtip.exe (Microsoft Corporation) O4 - HKLM..\Run: [UIExec] C:\Programme\Join Air\UIExec.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\Programme\4.0M MPEG4 DV\Console\Watch.exe () O4 - Startup: C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html () O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1112610A-13BC-453D-BD87-A101219290C4}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) 
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (sfklg.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\loginkey: DllName - (C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll) - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 
MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - 
Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E30AC7CA-ED4A-48A8-A539-A711A256B163} - Vektorgrafik-Rendering (VML) ActiveX: {E55010A4-6F00-201C-B8B3-80AE9A1744D6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} 
- %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.CSCD - C:\WINDOWS\System32\camcodec.dll (RenderSoft Software.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.IPJ2 - jp2avi.dll File not found Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LAGS - lagarith.dll File not found Drivers32: VIDC.SP54 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus) Drivers32: VIDC.SP55 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus) Drivers32: VIDC.SP56 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus) Drivers32: VIDC.SP57 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus) Drivers32: VIDC.SP58 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus) Drivers32: vidc.VP40 - vp4vfw.dll File not found Drivers32: vidc.VP60 - vp6vfw.dll File not found Drivers32: vidc.VP61 - vp6vfw.dll File not found Drivers32: vidc.VP70 - vp7vfw.dll File not found Drivers32: vidc.yv12 - 
C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.07 11:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.03.06 17:27:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Desktop\110937-gema-trojaner-100-euro-version-win-xp-Dateien [2012.03.06 13:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Malwarebytes [2012.03.06 13:31:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.03.06 13:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.03.06 13:31:18 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.03.06 13:31:18 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.03.06 12:35:04 | 000,000,000 | ---D | C] -- C:\Programme\rkfree [2012.03.06 12:35:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree [2012.03.06 05:51:36 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012.03.06 05:48:31 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.06 00:16:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2012.02.29 10:57:46 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Nokia Suite [2012.02.29 10:41:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite [2012.02.29 10:40:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\NokiaAccount [2012.02.29 10:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Nokia [2012.02.29 10:24:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia [2012.02.29 10:24:53 | 000,000,000 | ---D | C] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.02.29 10:24:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite [2012.02.29 10:24:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia [2012.02.29 10:23:58 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nokia [2012.02.29 10:23:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2012.02.28 13:18:11 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox [2012.02.28 12:40:45 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2012.02.28 12:40:32 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2012.02.28 12:40:13 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2012.02.28 12:40:12 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2012.02.28 12:40:11 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys [2012.02.28 12:40:10 | 000,605,696 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll [2012.02.28 12:40:10 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll [2012.02.28 12:40:10 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2012.02.28 12:40:09 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll [2012.02.28 12:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2012.02.28 12:35:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2012.02.28 12:35:23 | 000,000,000 | ---D | C] -- C:\Programme\Nokia [2012.02.14 12:30:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.02.11 22:23:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast [2012.02.11 11:31:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\TEMP [2012.02.11 11:29:17 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe [2012.02.11 11:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Karaoke Anything! [2012.02.11 11:29:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Anything! [2012.02.11 11:27:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sibelius Software [2012.02.11 11:27:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sibelius Software [2012.02.10 13:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sibelius Software [2012.02.10 13:02:59 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Scores [2012.02.10 12:59:18 | 000,000,000 | ---D | C] -- C:\Programme\Sibelius Software [2011.04.02 17:11:02 | 000,818,176 | ---- | C] (Image-Line) -- C:\Programme\Kopie von FL Studio VSTi.dll [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.07 11:28:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.03.07 11:10:01 | 000,449,334 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.03.07 11:10:01 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.03.07 11:10:01 | 000,080,302 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.03.07 11:10:01 | 000,067,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.03.07 11:05:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.07 11:05:18 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.03.07 11:05:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.06 17:27:13 | 000,153,225 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Desktop\110937-gema-trojaner-100-euro-version-win-xp.html 
[2012.03.06 13:33:36 | 000,000,543 | ---- | M] () -- C:\WINDOWS\Sam9_D.INI [2012.03.06 13:31:20 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.06 11:47:31 | 000,188,416 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.06 00:01:34 | 000,883,431 | ---- | M] () -- C:\_OTL.zip [2012.03.05 13:46:02 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.03.01 21:29:55 | 000,020,180 | ---- | M] () -- C:\WINDOWS\System32\sfklg.dat [2012.02.29 10:37:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.02.29 10:37:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf [2012.02.29 10:31:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012.02.29 10:31:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.02.29 10:31:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012.02.29 10:24:21 | 000,001,717 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk [2012.02.28 22:37:17 | 000,001,014 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Desktop\Dropbox.lnk [2012.02.28 17:39:27 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.02.28 12:38:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2012.02.28 12:37:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2012.02.11 22:45:10 | 000,002,292 | ---- | M] () -- C:\WINDOWS\unins002.dat [2012.02.11 22:45:08 | 000,715,038 | ---- | M] () -- C:\WINDOWS\unins002.exe [2012.02.11 22:27:44 | 000,002,368 | ---- | M] () -- C:\WINDOWS\unins001.dat [2012.02.11 22:27:42 | 000,715,038 | ---- | M] () -- C:\WINDOWS\unins001.exe [2012.02.11 
22:23:21 | 000,000,898 | ---- | M] () -- C:\WINDOWS\unins000.dat [2012.02.11 22:23:18 | 000,695,578 | ---- | M] () -- C:\WINDOWS\unins000.exe [2012.02.11 11:31:41 | 000,000,624 | -H-- | M] () -- C:\WINDOWS\System32\T4 [2012.02.11 11:29:07 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe [2012.02.11 11:27:27 | 000,000,604 | -H-- | M] () -- C:\Programme\STLL Notifier [2012.02.10 21:40:10 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4 [2012.02.10 21:40:10 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2 [2012.02.10 21:40:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3 [2012.02.10 21:40:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1 [2012.02.10 21:40:10 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7 [2012.02.10 21:40:10 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5 [2012.02.10 21:40:10 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0 [2012.02.10 21:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9 [2012.02.10 21:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8 [2012.02.10 21:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10 [2012.02.10 21:40:10 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6 [2012.02.10 13:03:12 | 000,000,444 | ---- | M] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini [2012.02.10 13:02:59 | 000,001,786 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sibelius 6.lnk [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.06 17:27:11 | 000,153,225 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Desktop\110937-gema-trojaner-100-euro-version-win-xp.html [2012.03.06 13:31:20 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.06 00:01:31 | 000,883,431 | 
---- | C] () -- C:\_OTL.zip [2012.02.29 10:37:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.02.29 10:37:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf [2012.02.29 10:31:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012.02.29 10:31:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012.02.29 10:24:21 | 000,001,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk [2012.02.28 12:37:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2012.02.11 22:45:10 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins002.exe [2012.02.11 22:45:10 | 000,002,292 | ---- | C] () -- C:\WINDOWS\unins002.dat [2012.02.11 22:27:43 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins001.exe [2012.02.11 22:27:43 | 000,002,368 | ---- | C] () -- C:\WINDOWS\unins001.dat [2012.02.11 22:23:20 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe [2012.02.11 22:23:20 | 000,000,898 | ---- | C] () -- C:\WINDOWS\unins000.dat [2012.02.11 11:31:41 | 000,000,624 | -H-- | C] () -- C:\WINDOWS\System32\T4 [2012.02.11 11:27:27 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier [2012.02.10 13:02:59 | 000,001,786 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sibelius 6.lnk [2012.02.10 12:59:03 | 000,000,444 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini [2012.01.14 17:00:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat [2012.01.14 16:59:31 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Crypkey.ini [2012.01.14 16:59:27 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe [2012.01.14 16:59:27 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys [2012.01.14 16:59:27 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll [2012.01.14 16:59:27 | 000,011,776 | 
---- | C] () -- C:\WINDOWS\Ckrfresh.exe [2012.01.14 16:58:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2011.12.23 12:24:51 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011.12.23 08:33:11 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll [2011.09.12 19:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2011.09.12 19:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2011.09.12 19:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2011.09.12 19:43:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2011.09.12 19:43:19 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2011.08.05 12:24:02 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini [2011.07.28 18:23:36 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE [2011.07.28 18:23:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL [2011.07.28 18:23:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll [2011.07.28 18:22:57 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll [2011.07.18 16:14:01 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll [2011.04.11 20:56:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL [2011.04.06 16:01:20 | 000,030,461 | ---- | C] () -- C:\WINDOWS\snap099.dat [2011.04.06 16:01:20 | 000,029,565 | ---- | C] () -- C:\WINDOWS\snap098.dat [2011.04.06 16:01:20 | 000,028,669 | ---- | C] () -- C:\WINDOWS\snap097.dat [2011.04.06 16:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap095.dat [2011.04.06 16:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap094.dat [2011.04.06 16:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap093.dat [2011.04.06 16:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap090.dat [2011.04.06 16:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap089.dat [2011.04.06 16:01:20 | 000,026,877 | ---- | C] () -- 
C:\WINDOWS\snap096.dat [2011.04.06 16:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap092.dat [2011.04.06 16:01:20 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap091.dat [2011.04.06 16:01:19 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap088.dat [2011.04.06 16:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap087.dat [2011.04.06 16:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap086.dat [2011.04.06 16:01:19 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap085.dat [2011.04.06 16:01:19 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap084.dat [2011.04.06 16:01:19 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap083.dat [2011.04.06 16:01:19 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap082.dat [2011.04.06 16:01:19 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap081.dat [2011.04.06 16:01:19 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap080.dat [2011.04.06 16:01:19 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap079.dat [2011.04.06 16:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap078.dat [2011.04.06 16:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap077.dat [2011.04.06 16:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap072.dat [2011.04.06 16:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap069.dat [2011.04.06 16:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap068.dat [2011.04.06 16:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap067.dat [2011.04.06 16:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap066.dat [2011.04.06 16:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap073.dat [2011.04.06 16:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap071.dat [2011.04.06 16:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap070.dat [2011.04.06 16:01:18 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap074.dat [2011.04.06 16:01:18 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap075.dat [2011.04.06 16:01:18 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap076.dat [2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap061.dat 
[2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap060.dat [2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap059.dat [2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap058.dat [2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap057.dat [2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap055.dat [2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap053.dat [2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap065.dat [2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap064.dat [2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap063.dat [2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap062.dat [2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap056.dat [2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap054.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap052.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap051.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap050.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap049.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap048.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap047.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap046.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap045.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap044.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap043.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap042.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap041.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap040.dat [2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap039.dat [2011.04.06 16:01:15 | 
000,024,189 | ---- | C] () -- C:\WINDOWS\snap038.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap037.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap036.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap035.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap034.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap033.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap032.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap031.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap030.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap029.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap028.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap027.dat [2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap026.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap025.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap024.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap023.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap022.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap021.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap020.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap019.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap018.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap017.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap016.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap015.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap014.dat [2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap013.dat [2011.04.06 16:01:13 | 000,024,189 | ---- | C] 
() -- C:\WINDOWS\snap012.dat [2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap011.dat [2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap010.dat [2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap009.dat [2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap008.dat [2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap007.dat [2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap006.dat [2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap005.dat [2011.04.06 16:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap004.dat [2011.04.06 16:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap003.dat [2011.04.06 16:00:30 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap002.dat [2011.04.06 16:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap001.dat [2011.04.06 16:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap000.dat [2011.04.06 15:58:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll [2011.04.06 15:58:25 | 000,002,042 | ---- | C] () -- C:\WINDOWS\Ca536a.ini [2011.03.23 19:39:32 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini [2011.03.23 19:39:32 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini [2011.03.23 19:39:18 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.03.23 18:39:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe [2011.03.21 17:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kopie von musicmaker.INI [2011.03.21 16:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musicmaker.INI [2011.03.21 16:13:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini [2011.03.21 15:54:10 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll [2011.03.19 23:57:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.18 09:55:30 | 000,000,543 | ---- | C] () -- C:\WINDOWS\Sam9_D.INI [2011.03.18 09:51:58 | 000,120,200 | ---- | C] () -- 
C:\WINDOWS\System32\DLLDEV32i.dll [2011.03.18 09:51:19 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2011.03.18 09:48:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.03.17 18:46:25 | 000,020,180 | ---- | C] () -- C:\WINDOWS\System32\sfklg.dat [2011.03.16 00:09:20 | 000,188,416 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.15 12:42:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.03.15 02:28:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2011.03.15 01:19:29 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.03.15 01:14:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.03.15 01:04:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.03.15 00:41:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.03.15 00:40:35 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011.06.09 16:02:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1 [2011.06.12 21:48:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Applian [2011.03.21 22:47:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2011.03.25 23:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN [2011.03.22 22:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2011.09.12 19:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Minnetonka Audio Software [2012.02.29 10:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2012.02.28 12:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2012.02.29 10:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.03.28 09:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer [2012.03.06 12:35:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree [2012.01.17 22:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stardraw.com Ltd [2011.07.21 17:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Telestream [2012.03.06 20:05:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.10.17 18:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\.oit [2011.06.09 16:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\1&1 [2012.01.21 14:54:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ASCOMP Software [2011.07.21 11:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\avidemux [2012.02.10 11:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Azureus [2012.01.22 10:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DesktopIconForAmazon [2011.07.02 20:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Downloadr [2012.03.06 12:26:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox [2011.10.31 11:41:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoft [2011.10.31 11:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.02.11 22:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast 
[2011.07.22 09:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GARMIN [2011.07.18 12:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GetRightToGo [2011.03.16 00:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GrabPro [2011.04.02 10:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze [2011.03.21 17:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\MAGIX [2012.02.29 10:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia [2012.02.29 10:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite [2011.11.26 12:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Opera [2012.03.06 11:33:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Orbit [2012.02.29 10:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite [2011.03.28 09:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PDF Writer [2011.03.16 00:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ProgSense [2011.03.16 00:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QIP [2011.03.16 00:29:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QipGuard [2011.07.21 17:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Vara Software [2011.08.22 13:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Wirecast ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.10.17 18:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\.oit [2011.06.09 16:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\1&1 [2011.09.26 22:25:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Adobe [2011.07.22 09:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Apple Computer [2012.01.21 14:54:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ASCOMP Software [2011.07.21 11:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\avidemux [2012.02.10 11:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Azureus [2012.01.22 10:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DesktopIconForAmazon [2011.07.02 20:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Downloadr [2012.03.06 12:26:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox [2011.04.06 20:35:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\dvdcss [2011.10.31 11:41:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoft [2011.10.31 11:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.07.18 12:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ESTsoft [2012.02.11 22:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast [2011.07.22 09:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GARMIN [2011.07.18 12:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GetRightToGo [2011.03.16 00:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\flo\Anwendungsdaten\GrabPro [2011.04.02 10:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze [2011.07.28 13:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Help [2011.03.15 01:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Identities [2011.03.15 02:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\InstallShield [2011.03.15 14:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Macromedia [2011.03.21 17:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\MAGIX [2012.03.06 13:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Malwarebytes [2011.12.22 19:24:04 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft [2012.02.11 22:27:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla [2012.02.29 10:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia [2012.02.29 10:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite [2011.11.26 12:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Opera [2012.03.06 11:33:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Orbit [2012.02.29 10:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite [2011.03.28 09:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PDF Writer [2011.03.16 00:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ProgSense [2011.03.16 00:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QIP [2011.03.16 00:29:10 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\flo\Anwendungsdaten\QipGuard [2011.03.23 18:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Real [2012.02.11 11:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sibelius Software [2012.02.19 18:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Skype [2011.08.22 13:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\skypePM [2011.06.19 22:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sun [2011.06.22 13:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\U3 [2011.07.21 17:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Vara Software [2012.02.29 10:08:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\vlc [2011.08.22 13:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Wirecast < %APPDATA%\*.exe /s > [2011.07.02 16:24:49 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Azureus\plugins\mlab\ShaperProbeC.exe [2012.01.21 14:52:40 | 000,753,664 | ---- | M] (Microsoft) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DesktopIconForAmazon\IconForAmazon.exe [2012.02.17 01:23:00 | 026,530,760 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012.02.15 05:19:02 | 000,871,624 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\DropboxPhotoUpdate.exe [2012.02.17 01:23:34 | 000,174,152 | ---- | M] (Dropbox, Inc.) 
-- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\Uninstall.exe [2011.03.15 02:12:39 | 000,057,344 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Installer\{7F362F06-A9A3-440F-8B19-6A01A72723C4}\ARPPRODUCTICON.exe [2012.01.14 16:59:31 | 000,084,126 | R--- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Installer\{E994D0AC-CB70-4f1f-A1F7-59AC626FEECA}\stardraw.exe [2010.07.26 13:41:56 | 000,188,416 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QipGuard\QipGuard.exe [2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\U3\temp\cleanup.exe [2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > [2011.07.13 03:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe < MD5 for: AGP440.SYS > [2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2011.03.19 23:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2011.03.19 23:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2011.03.19 23:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver 
Cache\i386\sp3.cab:atapi.sys [2011.03.19 23:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) 
MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- 
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.03.15 12:51:03 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2011.03.15 01:39:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011.03.15 01:39:49 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011.03.15 01:39:49 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 3020 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree:cfg @Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD < End of report > |
| | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | gema-trojaner (100 euro-version) win xp
Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80
[2012.01.13 16:57:21 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
O3 - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O20 - AppInit_DLLs: (sfklg.dll) - File not found
[2011.04.02 10:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze
@Alternate Data Stream - 3020 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree:cfg
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD
:Commands
[emptytemp]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
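An added example, not the helper's script and not OTL's own code: it parses OTL report lines in the layout quoted above and flags the kinds of entries the fix above targets (a forced WinINet proxy, a search URL outside an allowlist, a dangling AppInit_DLLs entry, an orphaned toolbar CLSID, alternate data streams), then lays the hits out in the :OTL / :Commands structure for a human to review. The sample lines are taken from the posted log; the allowlist of search hosts is an assumption for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: OTL lines in the layout quoted in this thread (values taken
# from the posted log; the selection is ours, not the OTL report itself).
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80
O3 - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O20 - AppInit_DLLs: (sfklg.dll) - File not found
@Alternate Data Stream - 3020 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree:cfg
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD
"""

# Assumed allowlist of search hosts expected in IE's search settings; any other host
# configured as search bar or search scope is treated as a hijack. Extend per environment.
KNOWN_SEARCH_HOSTS = {"search.live.com", "www.bing.com", "www.google.com"}

RE_MAIN = re.compile(r'^IE - .*\\Main,(?P<name>[^=]+?) = (?P<url>https?://\S+)$')
RE_SCOPE = re.compile(r'^IE - .*\\SearchScopes\\(?P<clsid>\{[^}]+\}): "URL" = (?P<url>https?://\S+)$')
RE_PROXY = re.compile(r'"ProxyServer" = (?P<proxy>\S+)$')
RE_O3 = re.compile(r'^O3 - .*\\Toolbar\\WebBrowser: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<status>.+)$')
RE_APPINIT = re.compile(r'^O20 - AppInit_DLLs: \((?P<dll>[^)]+)\) - (?P<status>.+)$')
RE_ADS = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$')


@dataclass
class Finding:
    category: str   # proxy | search_hijack | orphan_toolbar | appinit_dll | ads
    detail: str     # human-readable reason
    line: str       # the OTL line verbatim, so it can be copied into a fix block


def classify(line: str, allowed_hosts=KNOWN_SEARCH_HOSTS):
    """Return a Finding for one OTL line, or None if the line is unremarkable."""
    if m := RE_PROXY.search(line):
        # A per-user proxy routes every IE/WinINet request through that host.
        return Finding("proxy", f"WinINet proxy forced to {m['proxy']}", line)
    if m := RE_APPINIT.match(line):
        # AppInit_DLLs is loaded into every process that maps user32.dll; a dangling
        # entry usually means the DLL was removed but the load hook was left behind.
        return Finding("appinit_dll", f"AppInit DLL {m['dll']}: {m['status']}", line)
    if m := RE_ADS.match(line):
        # NTFS alternate data streams are invisible in Explorer and are a common
        # place for malware to stash configuration.
        return Finding("ads", f"{m['size']}-byte stream on {m['target']}", line)
    if (m := RE_O3.match(line)) and "No CLSID" in m["status"]:
        return Finding("orphan_toolbar", f"toolbar {m['clsid']} without CLSID registration", line)
    m = RE_MAIN.match(line) or RE_SCOPE.match(line)
    if m:
        host = urlparse(m["url"]).hostname or ""
        if host not in allowed_hosts:
            where = m.groupdict().get("name") or m.groupdict().get("clsid")
            return Finding("search_hijack", f"{where} points at {host}", line)
    return None


def triage(log: str, allowed_hosts=KNOWN_SEARCH_HOSTS):
    """Scan a whole OTL report and return the suspicious lines, in report order."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if line and (f := classify(line, allowed_hosts)):
            findings.append(f)
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'search_hijack': 2, 'ads': 2, ...}."""
    return dict(Counter(f.category for f in findings))


def build_otl_fix(findings):
    """Lay the flagged lines out in the :OTL / :Commands structure used in the thread.
    The result is a draft for a human to review, not something to run unreviewed."""
    body = [f.line for f in findings]
    return "\n".join([":OTL", *body, ":Commands", "[emptytemp]", "[resethosts]"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.category:14}] {f.detail}")
    print(summarize(found))
    print(build_otl_fix(found))
```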
| | #10 |
gema-trojaner (100 euro-version) win xp
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\modules folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:sfklg.dll deleted successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree:cfg deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: flo
->Temp folder emptied: 146422326 bytes
->Temporary Internet Files folder emptied: 217270617 bytes
->Java cache emptied: 49530 bytes
->FireFox cache emptied: 281135142 bytes
->Flash cache emptied: 71873 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148906 bytes
%systemroot%\System32 .tmp files removed: 3771271 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27266398 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 647,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.35.1 log created on 03082012_094028
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...
| | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | gema-trojaner (100 euro-version) win xp
Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run the TDSS-Killer, since Avira in particular often reports a false positive in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click on Start Scan and, when it is finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), since that is where the TDSS-Killer saves its logs. Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! [screenshot: TDSS-Killer parameter settings] If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while)
__________________ Please always post logfiles in CODE tags
| | #12 |
gema-trojaner (100 euro-version) win xp
Code:
11:23:43.0031 3944 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
11:23:43.0156 3944 ============================================================
11:23:43.0156 3944 Current date / time: 2012/03/08 11:23:43.0156
11:23:43.0156 3944 SystemInfo:
11:23:43.0156 3944
11:23:43.0156 3944 OS Version: 5.1.2600 ServicePack: 3.0
11:23:43.0156 3944 Product type: Workstation
11:23:43.0156 3944 ComputerName: FLOPTOP
11:23:43.0171 3944 UserName: flo
11:23:43.0171 3944 Windows directory: C:\WINDOWS
11:23:43.0171 3944 System windows directory: C:\WINDOWS
11:23:43.0171 3944 Processor architecture: Intel x86
11:23:43.0171 3944 Number of processors: 2
11:23:43.0171 3944 Page size: 0x1000
11:23:43.0171 3944 Boot type: Normal boot
11:23:43.0171 3944 ============================================================
11:23:46.0312 3944 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:23:46.0359 3944 Drive \Device\Harddisk1\DR3 - Size: 0xF2E50000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x3DB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x80, Type 'W'
11:23:46.0375 3944 Drive \Device\Harddisk3\DR6 - Size: 0x3E800000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:23:46.0375 3944 Drive \Device\Harddisk6\DR13 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:23:53.0359 3944 \Device\Harddisk0\DR0:
11:23:53.0390 3944 MBR used
11:23:53.0390 3944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x253EE31
11:23:53.0390 3944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x253EE70, BlocksNum 0x2542980
11:23:53.0390 3944 \Device\Harddisk1\DR3:
11:23:53.0390 3944 MBR used
11:23:53.0390 3944 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x795400
11:23:53.0390 3944 \Device\Harddisk3\DR6:
11:23:53.0390 3944 MBR used
11:23:53.0390 3944 \Device\Harddisk3\DR6\Partition0: MBR, Type 0x6, StartLBA 0x3B, BlocksNum 0x1F3F05
11:23:53.0390 3944 \Device\Harddisk6\DR13:
11:23:53.0390 3944 MBR used
11:23:53.0390 3944 \Device\Harddisk6\DR13\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:23:55.0328 3944 Initialize success
11:23:55.0328 3944 ============================================================
11:24:18.0031 3468 ============================================================
11:24:18.0031 3468 Scan started
11:24:18.0031 3468 Mode: Manual; SigCheck; TDLFS;
11:24:18.0031 3468 ============================================================
11:24:18.0312 3468 Abiosdsk - ok
11:24:18.0328 3468 abp480n5 - ok
11:24:18.0390 3468 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:24:20.0343 3468 ACPI - ok
11:24:20.0437 3468 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:24:20.0593 3468 ACPIEC - ok
11:24:20.0640 3468 ADIHdAudAddService (4e12c97cbfe99be15d7680918f9899ec) C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:24:20.0687 3468 ADIHdAudAddService - ok
11:24:20.0703 3468 adpu160m - ok
11:24:20.0734 3468 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
11:24:20.0765 3468 AEAudio - ok
11:24:20.0890 3468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:24:21.0093 3468 aec - ok
11:24:21.0156 3468 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:24:21.0218 3468 AFD - ok
11:24:21.0234 3468 AgereSoftModem - ok
11:24:21.0250 3468 Aha154x - ok
11:24:21.0265 3468 aic78u2 - ok
11:24:21.0281 3468 aic78xx - ok
11:24:21.0359 3468 aksfridge (cb5a5079744a0535416d3a5e462c5efe) C:\WINDOWS\system32\drivers\aksfridge.sys
11:24:21.0453 3468 aksfridge - ok
11:24:21.0546 3468 AliIde - ok
11:24:21.0546 3468 amsint - ok
11:24:21.0562 3468 appliandMP - ok
11:24:21.0593 3468 asc - ok
11:24:21.0593 3468 asc3350p - ok
11:24:21.0609 3468 asc3550 - ok
11:24:21.0656 3468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:24:21.0859 3468 AsyncMac - ok
11:24:21.0890 3468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:24:22.0015 3468 atapi - ok
11:24:22.0031 3468 Atdisk - ok
11:24:22.0062 3468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:24:22.0171 3468 Atmarpc - ok
11:24:22.0234 3468 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
11:24:22.0265 3468 ATSWPDRV - ok
11:24:22.0296 3468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:24:22.0421 3468 audstub - ok
11:24:22.0500 3468 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:24:22.0562 3468 b57w2k - ok
11:24:22.0609 3468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:24:22.0781 3468 Beep - ok
11:24:22.0890 3468 BTKRNL (5c3807e7768023a1229c73296758a361) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:24:23.0015 3468 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
11:24:23.0015 3468 BTKRNL - detected UnsignedFile.Multi.Generic (1)
11:24:23.0109 3468 BTWDNDIS (b8bbc117fdb528227702637de468be72) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
11:24:23.0140 3468 BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
11:24:23.0140 3468 BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
11:24:23.0156 3468 btwmodem (2d0dfa6d7d74bd249d74cf652b78055c) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
11:24:23.0171 3468 btwmodem ( UnsignedFile.Multi.Generic ) - warning
11:24:23.0171 3468 btwmodem - detected UnsignedFile.Multi.Generic (1)
11:24:23.0203 3468 BTWUSB (7024e11dab9410b31a37547575249dd7) C:\WINDOWS\system32\Drivers\btwusb.sys
11:24:23.0250 3468 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
11:24:23.0250 3468 BTWUSB - detected UnsignedFile.Multi.Generic (1)
11:24:23.0312 3468 Ca536av (2fec2e18aff42ff28189410d244d3f03) C:\WINDOWS\system32\Drivers\Ca536av.sys
11:24:23.0421 3468 Ca536av - ok
11:24:23.0515 3468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:24:23.0703 3468 cbidf2k - ok
11:24:23.0750 3468 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:24:23.0875 3468 CCDECODE - ok
11:24:23.0875 3468 cd20xrnt - ok
11:24:23.0921 3468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:24:24.0031 3468 Cdaudio - ok
11:24:24.0062 3468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:24:24.0171 3468 Cdfs - ok
11:24:24.0203 3468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:24:24.0328 3468 Cdrom - ok
11:24:24.0390 3468 Changer - ok
11:24:24.0421 3468 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
11:24:24.0437 3468 CLEDX ( UnsignedFile.Multi.Generic ) - warning
11:24:24.0437 3468 CLEDX - detected UnsignedFile.Multi.Generic (1)
11:24:24.0468 3468 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:24:24.0593 3468 CmBatt - ok
11:24:24.0609 3468 CmdIde - ok
11:24:24.0640 3468 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:24:24.0765 3468 Compbatt - ok
11:24:24.0796 3468 Cpqarray - ok
11:24:24.0812 3468 dac2w2k - ok
11:24:24.0828 3468 dac960nt - ok
11:24:24.0843 3468 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:24:25.0031 3468 Disk - ok
11:24:25.0093 3468 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:24:25.0250 3468 dmboot - ok
11:24:25.0296 3468 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:24:25.0406 3468 dmio - ok
11:24:25.0484 3468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:24:25.0609 3468 dmload - ok
11:24:25.0656 3468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:24:25.0781 3468 DMusic - ok
11:24:25.0796 3468 dpti2o - ok
11:24:25.0843 3468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:24:25.0968 3468 drmkaud - ok
11:24:26.0015 3468 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
11:24:26.0046 3468 eabusb - ok
11:24:26.0140 3468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:24:26.0265 3468 Fastfat - ok
11:24:26.0312 3468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:24:26.0421 3468 Fdc - ok
11:24:26.0453 3468 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:24:26.0562 3468 Fips - ok
11:24:26.0593 3468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:24:26.0703 3468 Flpydisk - ok
11:24:26.0750 3468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:24:26.0859 3468 FltMgr - ok
11:24:26.0968 3468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:24:27.0078 3468 Fs_Rec - ok
11:24:27.0125 3468 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:24:27.0234 3468 Ftdisk - ok
11:24:27.0281 3468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:24:27.0390 3468 Gpc - ok
11:24:27.0437 3468 GTIPCI21 (cea72ac01892b12514d15e21ef1bc75d) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
11:24:27.0453 3468 GTIPCI21 ( UnsignedFile.Multi.Generic ) - warning
11:24:27.0453 3468 GTIPCI21 - detected UnsignedFile.Multi.Generic (1)
11:24:27.0531 3468 Hardlock (9de9a7a19195c57ef38b4ee25422f2d7) C:\WINDOWS\system32\drivers\hardlock.sys
11:24:27.0593 3468 Hardlock - ok
11:24:27.0671 3468 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
11:24:27.0687 3468 Haspnt ( UnsignedFile.Multi.Generic ) - warning
11:24:27.0687 3468 Haspnt - detected UnsignedFile.Multi.Generic (1)
11:24:27.0734 3468 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
11:24:27.0796 3468 HBtnKey - ok
11:24:27.0828 3468 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:24:27.0937 3468 HDAudBus - ok
11:24:28.0000 3468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:24:28.0109 3468 HidUsb - ok
11:24:28.0187 3468 hpn - ok
11:24:28.0218 3468 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
11:24:28.0328 3468 HpqKbFiltr - ok
11:24:28.0437 3468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:24:28.0750 3468 HTTP - ok
11:24:28.0812 3468 i2omgmt - ok
11:24:28.0812 3468 i2omp - ok
11:24:28.0859 3468 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:24:28.0968 3468 i8042prt - ok
11:24:29.0234 3468 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:24:29.0687 3468 ialm - ok
11:24:29.0843 3468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:24:29.0937 3468 Imapi - ok
11:24:29.0953 3468 ini910u - ok
11:24:29.0984 3468 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:24:30.0093 3468 IntelIde - ok
11:24:30.0140 3468 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:24:30.0234 3468 intelppm - ok
11:24:30.0281 3468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:24:30.0390 3468 Ip6Fw - ok
11:24:30.0437 3468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:24:30.0562 3468 IpFilterDriver - ok
11:24:30.0656 3468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:24:30.0765 3468 IpInIp - ok
11:24:30.0796 3468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:24:30.0906 3468 IpNat - ok
11:24:30.0937 3468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:24:31.0046 3468 IPSec - ok
11:24:31.0093 3468 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
11:24:31.0203 3468 irda - ok
11:24:31.0203 3468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:24:31.0296 3468 IRENUM - ok
11:24:31.0328 3468 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:24:31.0421 3468 isapnp - ok
11:24:31.0531 3468 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:24:31.0640 3468 Kbdclass - ok
11:24:31.0671 3468 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:24:31.0781 3468 kbdhid - ok
11:24:31.0828 3468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:24:31.0921 3468 kmixer - ok
11:24:31.0968 3468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:24:32.0062 3468 KSecDD - ok
11:24:32.0140 3468 lbrtfdc - ok
11:24:32.0187 3468 massfilter (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
11:24:32.0234 3468 massfilter - ok
11:24:32.0281 3468 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:24:32.0296 3468 MBAMProtector - ok
11:24:32.0328 3468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:24:32.0500 3468 mnmdd - ok
11:24:32.0578 3468 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:24:32.0765 3468 Modem - ok
11:24:32.0843 3468 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
11:24:32.0890 3468 motmodem - ok
11:24:32.0921 3468 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:24:33.0046 3468 Mouclass - ok
11:24:33.0093 3468 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:24:33.0203 3468 mouhid - ok
11:24:33.0218 3468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:24:33.0328 3468 MountMgr - ok
11:24:33.0359 3468 mraid35x - ok
11:24:33.0406 3468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:24:33.0515 3468 MRxDAV - ok
11:24:33.0656 3468 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:24:33.0765 3468 MRxSmb - ok
11:24:33.0875 3468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:24:34.0062 3468 Msfs - ok
11:24:34.0093 3468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:24:34.0218 3468 MSKSSRV - ok
11:24:34.0250 3468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:24:34.0343 3468 MSPCLOCK - ok
11:24:34.0390 3468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:24:34.0484 3468 MSPQM - ok
11:24:34.0531 3468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:24:34.0640 3468 mssmbios - ok
11:24:34.0718 3468 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:24:34.0843 3468 MSTEE - ok
11:24:34.0906 3468 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:24:34.0921 3468 Mup - ok
11:24:34.0984 3468 mvusbews (b9df137953a5280eddbd4a705ca093a2) C:\WINDOWS\system32\Drivers\mvusbews.sys
11:24:35.0031 3468 mvusbews - ok
11:24:35.0062 3468 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:24:35.0203 3468 NABTSFEC - ok
11:24:35.0296 3468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:24:35.0437 3468 NDIS - ok
11:24:35.0468 3468 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:24:35.0656 3468 NdisIP - ok
11:24:35.0703 3468 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:24:35.0765 3468 NdisTapi - ok
11:24:35.0796 3468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:24:35.0906 3468 Ndisuio - ok
11:24:36.0000 3468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:24:36.0109 3468 NdisWan - ok
11:24:36.0140 3468 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:24:36.0234 3468 NDProxy - ok
11:24:36.0265 3468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:24:36.0406 3468 NetBIOS - ok
11:24:36.0437 3468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:24:36.0593 3468 NetBT - ok
11:24:36.0796 3468 NETw4x32 (d57258165aba8162de8e29d71487fc4b) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
11:24:37.0015 3468 NETw4x32 - ok
11:24:37.0109 3468 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\WINDOWS\system32\ckldrv.sys
11:24:37.0156 3468 NetworkX ( UnsignedFile.Multi.Generic ) - warning
11:24:37.0156 3468 NetworkX - detected UnsignedFile.Multi.Generic (1)
11:24:37.0218 3468 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
11:24:37.0781 3468 nmwcd - ok
11:24:37.0875 3468 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
11:24:38.0000 3468 nmwcdc - ok
11:24:38.0015 3468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:24:38.0203 3468 Npfs - ok
11:24:38.0265 3468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:24:38.0390 3468 Ntfs - ok
11:24:38.0421 3468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:24:38.0531 3468 Null - ok
11:24:38.0640 3468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:24:38.0750 3468 NwlnkFlt - ok
11:24:38.0765 3468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:24:38.0875 3468 NwlnkFwd - ok
11:24:38.0906 3468 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
11:24:39.0015 3468 Parport - ok
11:24:39.0046 3468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:24:39.0171 3468 PartMgr - ok
11:24:39.0218 3468 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:24:39.0343 3468 ParVdm - ok
11:24:39.0437 3468 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
11:24:39.0484 3468 pccsmcfd - ok
11:24:39.0609 3468 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:24:39.0765 3468 PCI - ok
11:24:39.0781 3468 PCIDump - ok
11:24:39.0828 3468 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:24:40.0031 3468 PCIIde - ok
11:24:40.0093 3468 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:24:40.0218 3468 Pcmcia - ok
11:24:40.0234 3468 PDCOMP - ok
11:24:40.0250 3468 PDFRAME - ok
11:24:40.0265 3468 PDRELI - ok
11:24:40.0281 3468 PDRFRAME - ok
11:24:40.0296 3468 perc2 - ok
11:24:40.0296 3468 perc2hib - ok
11:24:40.0343 3468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:24:40.0453 3468 PptpMiniport - ok
11:24:40.0515 3468 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:24:40.0640 3468 PSched - ok
11:24:40.0656 3468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:24:40.0765 3468 Ptilink - ok
11:24:40.0812 3468 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
11:24:40.0828 3468 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
11:24:40.0828 3468 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
11:24:40.0875 3468 ql1080 - ok
11:24:40.0890 3468 Ql10wnt - ok
11:24:40.0906 3468 ql12160 - ok
11:24:40.0921 3468 ql1240 - ok
11:24:40.0937 3468 ql1280 - ok
11:24:40.0984 3468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:24:41.0093 3468 RasAcd - ok
11:24:41.0140 3468 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:24:41.0203 3468 Rasirda - ok
11:24:41.0265 3468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:24:41.0375 3468 Rasl2tp - ok
11:24:41.0421 3468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:24:41.0531 3468 RasPppoe - ok
11:24:41.0593 3468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:24:41.0703 3468 Raspti - ok
11:24:41.0765 3468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:24:41.0859 3468 Rdbss - ok
11:24:41.0906 3468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:24:42.0031 3468 RDPCDD - ok
11:24:42.0078 3468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:24:42.0187 3468 rdpdr - ok
11:24:42.0296 3468 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:24:42.0328 3468 RDPWD - ok
11:24:42.0375 3468 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:24:42.0484 3468 redbook - ok
11:24:42.0515 3468 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:24:42.0609 3468 ROOTMODEM - ok
11:24:42.0656 3468 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:24:42.0765 3468 sdbus - ok
11:24:42.0796 3468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:24:42.0906 3468 Secdrv - ok
11:24:42.0968 3468 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:24:43.0078 3468 Serenum - ok
11:24:43.0109 3468 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:24:43.0218 3468 Serial - ok
11:24:43.0281 3468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:24:43.0390 3468 Sfloppy - ok
11:24:43.0406 3468 Simbad - ok
11:24:43.0437 3468 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:24:43.0546 3468 SLIP - ok
11:24:43.0593 3468 SMCIRDA (d03a4cdb1b089e3f6c23501339506e5e) C:\WINDOWS\system32\DRIVERS\smcirda.sys
11:24:43.0640 3468 SMCIRDA - ok
11:24:43.0656 3468 Sparrow - ok
11:24:43.0687 3468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:24:43.0796 3468 splitter - ok
11:24:43.0906 3468 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
11:24:43.0906 3468 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
11:24:43.0906 3468 sptd ( LockedFile.Multi.Generic ) - warning
11:24:43.0906 3468 sptd - detected LockedFile.Multi.Generic (1)
11:24:43.0953 3468 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:24:44.0062 3468 sr - ok
11:24:44.0171 3468 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:24:44.0250 3468 Srv - ok
11:24:44.0359 3468 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:24:44.0453 3468 streamip - ok
11:24:44.0484 3468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:24:44.0593 3468 swenum - ok
11:24:44.0625 3468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:24:44.0718 3468 swmidi - ok
11:24:44.0765 3468 symc810 - ok
11:24:44.0765 3468 symc8xx - ok
11:24:44.0781 3468 sym_hi - ok
11:24:44.0796 3468 sym_u3 - ok
11:24:44.0843 3468 SynTP (13e0d1974ce03e88c265a68325cb16de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:24:44.0906 3468 SynTP - ok
11:24:45.0000 3468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:24:45.0125 3468 sysaudio - ok
11:24:45.0187 3468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:24:45.0312 3468 Tcpip - ok
11:24:45.0343 3468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:24:45.0468 3468 TDPIPE - ok
11:24:45.0578 3468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:24:45.0687 3468 TDTCP - ok
11:24:45.0718 3468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:24:45.0812 3468 TermDD - ok
11:24:45.0859 3468 tifm21 (c424f991494e5674f2e9b3cf9f5f55d1) C:\WINDOWS\system32\drivers\tifm21.sys
11:24:45.0875 3468 tifm21 ( UnsignedFile.Multi.Generic ) - warning
11:24:45.0875 3468 tifm21 - detected UnsignedFile.Multi.Generic (1)
11:24:45.0890 3468 TosIde - ok
11:24:45.0937 3468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:24:46.0046 3468 Udfs - ok
11:24:46.0062 3468 ultra - ok
11:24:46.0125 3468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:24:46.0281 3468 Update - ok
11:24:46.0375 3468 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
11:24:46.0453 3468 upperdev - ok
11:24:46.0500 3468 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:24:46.0609 3468 usbaudio - ok
11:24:46.0640 3468 USBCamera (2038824260efdffa6f78d9bef767622d) C:\WINDOWS\system32\Drivers\Bulk536.sys
11:24:46.0703 3468 USBCamera - ok
11:24:46.0750 3468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:24:46.0843 3468 usbccgp - ok
11:24:46.0875 3468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:24:46.0984 3468 usbehci - ok
11:24:47.0062 3468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:24:47.0187 3468 usbhub - ok
11:24:47.0218 3468 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:24:47.0343 3468 usbprint - ok
11:24:47.0375 3468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:24:47.0500 3468 usbscan - ok
11:24:47.0531 3468 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
11:24:47.0640 3468 usbser - ok
11:24:47.0687 3468 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
11:24:47.0750 3468 UsbserFilt - ok
11:24:47.0843 3468 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:24:47.0953 3468 usbstor - ok
11:24:47.0984 3468 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:24:48.0078 3468 usbuhci - ok
11:24:48.0109 3468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:24:48.0265 3468 VgaSave - ok
11:24:48.0281 3468 ViaIde - ok
11:24:48.0328 3468 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:24:48.0500 3468 VolSnap - ok
11:24:48.0546 3468 WacomPen (aced8c149b30f8496c237bcba3727b48) C:\WINDOWS\system32\DRIVERS\wacompen.sys
11:24:48.0640 3468 WacomPen - ok
11:24:48.0671 3468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:24:48.0781 3468 Wanarp - ok
11:24:48.0906 3468 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:24:48.0921 3468 Wdf01000 - ok
11:24:48.0937 3468 WDICA - ok
11:24:48.0968 3468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:24:49.0093 3468 wdmaud - ok
11:24:49.0156 3468 wisdpen (dc2111b884ac9e942939e70869511526) C:\WINDOWS\system32\DRIVERS\wisdpen.sys
11:24:49.0156 3468 wisdpen - ok
11:24:49.0203 3468 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:24:49.0359 3468 WmiAcpi - ok
11:24:49.0468 3468 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:24:49.0609 3468 WSTCODEC - ok
11:24:49.0656 3468 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:24:49.0734 3468 WudfPf - ok
11:24:49.0781 3468 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:24:49.0812 3468 WudfRd - ok
11:24:49.0875 3468 ZTEusbmdm6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
11:24:49.0968 3468 ZTEusbmdm6k - ok
11:24:50.0031 3468 ZTEusbnmea (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
11:24:50.0062 3468 ZTEusbnmea - ok
11:24:50.0093 3468 ZTEusbser6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
11:24:50.0109 3468 ZTEusbser6k - ok
11:24:50.0140 3468 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:24:50.0375 3468 \Device\Harddisk0\DR0 - ok
11:24:50.0375 3468 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
11:24:50.0578 3468 \Device\Harddisk1\DR3 - ok
11:24:50.0593 3468 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR6
11:24:51.0968 3468 \Device\Harddisk3\DR6 - ok
11:24:51.0968 3468 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR13
11:24:52.0765 3468 \Device\Harddisk6\DR13 - ok
11:24:52.0781 3468 Boot (0x1200) (70f4580ec94a70baa7ede7ac1354ed0d) \Device\Harddisk0\DR0\Partition0
11:24:52.0781 3468 \Device\Harddisk0\DR0\Partition0 - ok
11:24:52.0796 3468 Boot (0x1200) (917615210f6554834d8803641b04cefd) \Device\Harddisk0\DR0\Partition1
11:24:52.0796 3468 \Device\Harddisk0\DR0\Partition1 - ok
11:24:52.0812 3468 Boot (0x1200) (bffe8617e297d173e12ab9df2e50a3c2) \Device\Harddisk1\DR3\Partition0
11:24:52.0812 3468 \Device\Harddisk1\DR3\Partition0 - ok
11:24:52.0812 3468 Boot (0x1200) (2d7fc1190cee36507815f5888cbb4c5f) \Device\Harddisk3\DR6\Partition0
11:24:52.0812 3468 \Device\Harddisk3\DR6\Partition0 - ok
11:24:52.0828 3468 Boot (0x1200) (35e58e79ac486409f9c95ef4729b4eff) \Device\Harddisk6\DR13\Partition0
11:24:52.0828 3468 \Device\Harddisk6\DR13\Partition0 - ok
11:24:52.0828 3468 ============================================================
11:24:52.0828 3468 Scan finished
11:24:52.0828 3468 ============================================================
11:24:52.0937 3628 Detected object count: 11
11:24:52.0937 3628 Actual detected object count: 11
11:24:59.0687 3628 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0687 3628 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0687 3628 BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0687 3628 BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0687 3628 btwmodem ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0687 3628 btwmodem ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0703 3628 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0703 3628 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0703 3628 CLEDX ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0703 3628 CLEDX ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0703 3628 GTIPCI21 ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0703 3628 GTIPCI21 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0703 3628 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0703 3628 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0703 3628 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0703 3628 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0718 3628 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0718 3628 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0718 3628 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:24:59.0718 3628 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:24:59.0718 3628 tifm21 ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0718 3628 tifm21 ( UnsignedFile.Multi.Generic ) - User select action: Skip
#13
/// Winkelfunktion /// TB-Süch-Tiger™
GEMA trojan (100 euro version) Win XP
Then please run CF now: ComboFix (A guide and tutorial on using ComboFix)
ComboFix may only be run when a Kompetenzler (forum helper) has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags
#14
GEMA trojan (100 euro version) Win XP
Code:
ComboFix 12-03-08.01 - flo 08.03.2012 13:46:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2039.1650 [GMT 1:00]
ausgeführt von:: d:\downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SmartFax\Settings.xml
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\que\notifyq.dqueue
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\que\notifyq.lqueue
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\SipClientSettings.xml
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SmartFax\Settings.xml
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\CurrentLog.txt
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\QuickDial.xml
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\SipClientHistory.xml
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\SipClientSettings.xml
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\SipLog.cdb
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\SipLog.lck
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\Common\Contacts.cdb
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\Common\Contacts.lck
c:\windows\iun6002.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\sfklg.dat
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-08 bis 2012-03-08 ))))))))))))))))))))))))))))))
.
.
2012-03-08 05:22 . 2012-03-08 05:22 -------- d-----w- c:\programme\MSXML 4.0
2012-03-07 10:21 . 2010-08-23 16:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-03-07 10:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-03-07 10:16 . 2011-12-19 08:53 449536 -c----w- c:\windows\system32\dllcache\mshtmled.dll
2012-03-07 10:16 . 2011-12-19 08:53 37888 -c----w- c:\windows\system32\dllcache\url.dll
2012-03-07 10:16 . 2011-12-19 08:53 532480 -c----w- c:\windows\system32\dllcache\mstime.dll
2012-03-07 10:15 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-03-07 10:12 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2012-03-07 10:11 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-03-07 10:11 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-07 10:11 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-07 10:09 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-03-06 12:31 . 2012-03-06 12:31 -------- d-----w- c:\dokumente und einstellungen\flo\Anwendungsdaten\Malwarebytes
2012-03-06 12:31 . 2012-03-06 12:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-03-06 12:31 . 2012-03-06 12:31 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-03-06 12:31 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 11:35 . 2012-03-06 16:28 -------- d-----w- c:\programme\rkfree
2012-03-06 11:35 . 2012-03-06 11:35 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\rkfree
2012-03-06 04:51 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2012-03-06 04:48 . 2012-03-06 04:48 -------- d-----w- C:\_OTL
2012-03-05 23:16 . 2012-03-05 23:16 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2012-03-05 23:16 . 2012-03-05 23:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-29 09:41 . 2012-02-29 09:41 -------- d-----w- c:\dokumente und einstellungen\flo\Anwendungsdaten\Nokia Suite
2012-02-29 09:25 . 2012-02-29 09:29 -------- d-----w- c:\dokumente und einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Nokia
2012-02-29 09:24 . 2012-02-29 09:41 -------- d-----w- c:\dokumente und einstellungen\flo\Anwendungsdaten\Nokia
2012-02-29 09:24 . 2012-02-29 09:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Suite
2012-02-29 09:24 . 2012-02-29 09:40 -------- d-----w- c:\dokumente und einstellungen\flo\Anwendungsdaten\PC Suite
2012-02-29 09:23 . 2012-02-29 09:24 -------- d-----w- c:\programme\Gemeinsame Dateien\Nokia
2012-02-29 09:23 . 2012-02-29 09:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nokia
2012-02-28 12:18 . 2012-02-28 12:18 -------- d-----w- c:\programme\Dropbox
2012-02-28 11:40 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-28 11:40 . 2012-02-28 11:40 -------- d-----w- c:\programme\PC Connectivity Solution
2012-02-28 11:40 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-02-28 11:40 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-02-28 11:40 . 2011-11-01 09:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-02-28 11:40 . 2011-11-01 09:07 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-02-28 11:40 . 2011-11-01 09:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-02-28 11:40 . 2011-11-01 09:07 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2012-02-28 11:40 . 2011-11-01 09:07 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2012-02-28 11:40 . 2011-11-01 09:07 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-02-28 11:38 . 2008-04-14 02:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-02-28 11:37 . 2012-02-29 09:37 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-02-28 11:35 . 2012-02-29 09:23 -------- d-----w- c:\programme\Nokia
2012-02-14 11:30 . 2012-02-14 11:30 -------- d-----w- c:\programme\ESET
2012-02-11 21:45 . 2012-02-11 21:45 715038 ----a-w- c:\windows\unins002.exe
2012-02-11 21:45 . 2011-09-23 13:41 2557440 ----a-w- c:\programme\Mozilla Firefox\plugins\NpFp530.dll
2012-02-11 21:27 . 2011-09-23 13:43 1623552 ----a-w- c:\programme\Mozilla Firefox\plugins\NpFv530.dll
2012-02-11 21:27 . 2012-02-11 21:27 715038 ----a-w- c:\windows\unins001.exe
2012-02-11 21:23 . 2009-09-21 10:00 1447328 ----a-w- c:\programme\Mozilla Firefox\plugins\NpFv522.dll
2012-02-11 21:23 . 2012-02-11 21:23 -------- d-----w- c:\dokumente und einstellungen\flo\Anwendungsdaten\Flatcast
2012-02-11 21:23 . 2012-02-11 21:23 695578 ----a-w- c:\windows\unins000.exe
2012-02-11 10:29 . 2012-02-11 10:29 -------- d-----w- c:\programme\Karaoke Anything!
2012-02-11 10:27 . 2012-02-11 10:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sibelius Software
2012-02-11 10:27 . 2012-02-11 10:31 -------- d-----w- c:\dokumente und einstellungen\flo\Anwendungsdaten\Sibelius Software
2012-02-10 11:59 . 2012-02-10 11:59 -------- d-----w- c:\programme\Sibelius Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 23:16 . 2011-06-19 21:47 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2012-03-05 23:01 . 2012-03-05 23:01 883431 ----a-w- C:\_OTL.zip
2012-01-14 15:58 . 2012-01-14 15:58 6656 ----a-w- c:\windows\system32\haspvdd.dll
2012-01-14 15:58 . 2012-01-14 15:58 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2012-01-12 17:20 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-07 12:21 . 2012-01-07 12:21 1122304 ---h--w- c:\windows\system32\wodfamop.dll
2012-01-07 12:19 . 2011-11-23 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:53 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:53 . 2006-02-28 12:00 672768 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:52 . 2006-02-28 12:00 371200 ----a-w- c:\windows\system32\html.iec
2009-05-29 12:02 . 2011-04-02 16:11 818176 ----a-w- c:\programme\Kopie von FL Studio VSTi.dll
2012-02-18 11:08 . 2012-01-12 21:38 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\flo\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\flo\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\flo\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\flo\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"TabletTip"="c:\programme\Gemeinsame Dateien\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"QlbCtrl.exe"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"UIExec"="c:\programme\Join Air\UIExec.exe" [2010-04-27 138072]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\dokumente und einstellungen\flo\Startmenü\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-27 581693]
Watch.lnk - c:\programme\4.0M MPEG4 DV\Console\Watch.exe [2011-4-6 208896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 02:22 47104 ----a-w- c:\programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 02:43 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 02:22 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programme\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programme\\1&1\\1&1 SoftPhone\\IPPHONEUI.EXE"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Sibelius Software\\Sibelius 6\\RegTool.exe"=
"c:\\Programme\\Sibelius Software\\Sibelius 6\\Sibelius.exe"=
"c:\\Dokumente und Einstellungen\\flo\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.03.2011 12:51 722416]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [28.07.2011 18:23 99896]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.03.2012 13:31 652360]
R2 UI Assistant Service;UI Assistant Service;c:\programme\Join Air\AssistantServices.exe [27.05.2011 13:34 247152]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [16.03.2011 11:21 33792]
R3 Com4QLBEx;Com4QLBEx;c:\programme\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21.04.2011 11:25 193840]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [09.05.2007 13:27 97280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.03.2012 13:31 20464]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [22.01.2007 13:09 34736]
S2 Ca536av;4.0M MPEG4 DV Video Capture;c:\windows\system32\drivers\Ca536av.sys [06.04.2011 15:58 514155]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [31.05.2011 10:49 136176]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [31.05.2011 10:49 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [27.05.2011 13:34 9216]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [28.07.2011 18:23 17408]
S3 WacomPen;Wacom HID-Treiber für seriellen Stift;c:\windows\system32\drivers\wacompen.sys [15.03.2011 00:44 14208]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 56877647
*Deregistered* - 56877647
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-05-31 09:49]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-05-31 09:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL =
uInternet Settings,ProxyOverride = <local>
uSearchAssistant =
IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202
IE: In 1&&1 SoftPhone wählen - c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.ftp - 10.1.0.0
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 10.1.0.0
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.1.0.0
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.1.0.0
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Karaoke Anything!1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-08 13:51
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ae,a4,ff,78,f5,77,36,25,7b,67,5f,be,27,c5,3b,b8,27,30,d6,93,5d,
be,af,75,29,08,7a,a4,4d,3d,36,88,b5,43,c4,03,2f,df,6b,b4,be,ee,6f,a2,76,2c,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ae,a4,ff,78,f5,77,36,25,7b,67,5f,be,27,c5,3b,b8,27,30,d6,93,5d,
be,af,75,29,08,7a,a4,4d,3d,36,88,b5,43,c4,03,2f,df,6b,b4,be,ee,6f,a2,76,2c,\
.
Zeit der Fertigstellung: 2012-03-08 13:56:32
ComboFix-quarantined-files.txt 2012-03-08 12:56
.
Vor Suchlauf: 1.080.221.696 Bytes frei
Nach Suchlauf: 1.107.738.624 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 07C82FC4D6B89D01CE18FD9FFFB2B514
#15
/// Winkelfunktion /// TB-Süch-Tiger™

gema-trojaner (100 euro-version) win xp

Combofix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.
Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"=-
"1947:UDP"=-
4. Deactivate the guard of your antivirus program and any software firewall that may be installed (including the guards of ad-/spyware programs and the Tea Timer, if present!).
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log file: Combofix.txt
Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
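As an added check for readers of this thread (it is not part of the trojaner-board post and not a ComboFix feature), the Python script below parses the registry and Firefox sections in the shape ComboFix prints them and flags the defence-weakening settings visible in the log above: AntiVirusOverride set to 1, EnableFirewall set to 0, the globally open port exceptions that the helper's CFScript removes, and Firefox proxy hosts (present here with network.proxy.type 0, i.e. configured but inactive). The sample log text is constructed from the entries shown on this page; the function names are this example's own.

```python
"""Audit a ComboFix log excerpt for settings that weaken host defences.

Added example for this thread; not part of ComboFix or of the forum post.
The sample below is constructed from the entries shown in the log above.
"""
import re

# Constructed sample in the shape ComboFix prints these sections.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
FF - prefs.js: network.proxy.http - 10.1.0.0
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


def parse_registry_section(text):
    """Map each [key path] to its {"value name": raw value} entries."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            keys[current][val.group(1)] = val.group(2).strip()
    return keys


def parse_firefox_prefs(text):
    """Collect the 'FF - prefs.js: name - value' lines into a dict."""
    prefs = {}
    for raw in text.splitlines():
        m = FF_PREF_RE.match(raw.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def _as_int(value):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; None if unparseable."""
    m = re.match(r"dword:([0-9a-fA-F]{1,8})$", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else None


def audit(text):
    """Return (finding id, description) pairs for defence-weakening settings."""
    findings = []
    for path, values in parse_registry_section(text).items():
        lp = path.lower()
        if lp.endswith("security center") and _as_int(values.get("AntiVirusOverride", "")) == 1:
            findings.append(("AntiVirusOverride", "Security Center no longer warns about missing/disabled AV"))
        if lp.endswith("firewallpolicy\\standardprofile") and _as_int(values.get("EnableFirewall", "")) == 0:
            findings.append(("EnableFirewall", "Windows Firewall is turned off for the standard profile"))
        if lp.endswith("globallyopenports\\list"):
            for port in values:
                findings.append(("GloballyOpenPorts", f"inbound port exception {port}"))
    prefs = parse_firefox_prefs(text)
    hosts = {v for k, v in prefs.items() if re.fullmatch(r"network\.proxy\.(http|ssl|ftp|socks)", k)}
    if hosts:
        active = prefs.get("network.proxy.type") != "0"
        state = "active" if active else "configured but inactive (network.proxy.type = 0)"
        findings.append(("FirefoxProxy", f"proxy host(s) {sorted(hosts)} {state}"))
    return findings


if __name__ == "__main__":
    for fid, desc in audit(SAMPLE_LOG):
        print(f"{fid:20} {desc}")
```

Run against a full ComboFix.txt the script reports the same four classes of finding; the port exceptions for 1947/TCP and 1947/UDP belong to the HASP licence manager service listed in the log, so whether they are legitimate depends on whether that software is still wanted on the machine.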