Pests of all kinds and how to fight them: Virus find NSIS:Bundlore-B[Adw] Windows 7
16.07.2012, 16:52 | #16
/// Winkelfunktion /// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
__________________
Please always post logfiles in CODE tags
16.07.2012, 17:04 | #17

And here again the requested log:

Code:
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 18:01:35
# Updated 13/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - MIRIAM-PC
# Running from : C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AskBarDis
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1371 octets] - [16/07/2012 17:25:14]
AdwCleaner[S1].txt - [1318 octets] - [16/07/2012 18:01:35]

########## EOF - C:\AdwCleaner[S1].txt - [1446 octets] ##########
16.07.2012, 21:56 | #18
/// Winkelfunktion /// TB-Süch-Tiger™

I have two questions before we continue:

1.) Does the normal Windows mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
17.07.2012, 07:06 | #19

I had no problems before and I have none now, so everything works, and everything that should be there is there.

Edit: The only thing I noticed again when shutting down is that Windows says it is installing six updates, but then installs only one and shuts down normally as usual. This has now happened about four times in a row, and Windows always reports exactly six updates. Is that normal?

Last edited by Linkashi (17.07.2012 at 07:16)
17.07.2012, 14:41 | #20
/// Winkelfunktion /// TB-Süch-Tiger™

Please make a new OTL log. Please post everything here in CODE tags wherever possible. It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
the log goes here

Please download OTL from OldTimer and save it to your desktop. If it is already present, replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post logfiles in CODE tags
17.07.2012, 15:22 | #21

Here is the OTL log:

Code:
OTL logfile created on: 17.07.2012 15:57:49 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,48 Mb Total Physical Memory | 532,40 Mb Available Physical Memory | 52,02% Memory free
2,41 Gb Paging File | 2,02 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 7,37 Gb Free Space | 30,20% Space Free | Partition Type: NTFS
Drive D: | 50,11 Gb Total Space | 26,83 Gb Free Space | 53,55% Space Free | Partition Type: NTFS

Computer Name: MIRIAM-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.17 15:53:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL (1).exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.03.27 04:28:45 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008.10.18 10:55:47 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.02 18:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe
PRC - [2006.11.13 14:50:28 | 001,289,000 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft ActiveSync\wcescomm.exe
PRC - [2006.11.13 14:50:16 | 000,199,464 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft ActiveSync\rapimgr.exe
PRC - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (No Company Name) ==========

MOD - [2012.07.17 09:34:02 | 001,783,808 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12071700\algo.dll
MOD - [2012.07.16 20:34:17 | 001,783,296 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12071601\algo.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2008.10.18 15:08:31 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.07.13 09:47:00 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.17 17:59:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.02.18 18:48:23 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.29 10:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.10.18 15:29:03 | 000,437,760 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanUZXP.sys -- (ZY202_XP)
DRV - [2008.10.18 15:27:56 | 000,429,440 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2008.10.18 15:18:23 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2008.10.18 14:47:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2008.10.18 11:55:06 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2008.10.18 11:54:44 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.10.18 10:58:01 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2008.02.01 13:54:04 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2001.08.02 13:18:06 | 000,247,799 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC'97 Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {1de0de3c-0b5c-4f67-90c6-689623894991}:0.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Apple\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.07.07 19:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.17 17:59:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.23 18:37:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: D:\Programme\Thunderbird\components [2012.04.11 13:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: D:\Programme\Thunderbird\plugins

[2009.02.18 18:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.07.13 10:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\eeuby0m3.default\extensions
[2012.01.01 19:40:57 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\eeuby0m3.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(2)
[2009.02.18 19:21:20 | 000,000,000 | ---D | M] ("Tab Preview") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\eeuby0m3.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}
[2010.04.28 10:44:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\eeuby0m3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.22 19:26:11 | 000,000,000 | ---D | M] (IE Tab) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\eeuby0m3.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012.05.25 08:57:30 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\eeuby0m3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.01 19:31:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\eeuby0m3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2012.05.13 14:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.07 19:04:34 | 000,084,634 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EEUBY0M3.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2012.07.13 10:11:56 | 000,743,290 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EEUBY0M3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.07 19:06:10 | 000,140,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EEUBY0M3.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
[2012.07.07 19:10:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.04.08 17:28:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.06.17 17:59:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.08 17:28:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Apple\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.0_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: legend of zelda: skyward sword = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gbopimonfdeologfhgopbocbioagaopk\1_0\
CHR - Extension: AdBlock = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.01.28 20:26:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-861567501-1957994488-1343024091-500..\Run: [H/PC Connection Agent] D:\Programme\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9548A432-5817-4D94-B165-9A39A9F4810E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCCACB5-B007-44BE-85AC-17F4F211A461}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.18 18:13:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin:
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 
Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: 
{C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.17 15:53:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL (1).exe [2012.07.17 08:11:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent [2012.07.15 22:11:14 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.07.15 22:09:57 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe [2012.07.15 19:39:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF ========== Files - Modified Within 30 Days ========== [2012.07.17 15:53:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL (1).exe [2012.07.17 15:50:22 | 000,073,451 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.07.17 15:50:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.07.17 15:50:07 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys [2012.07.17 08:12:37 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2012.07.16 17:24:00 | 000,624,883 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe [2012.07.15 22:10:03 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe [2012.07.15 19:31:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd62af9a461ba0.job [2012.07.14 20:19:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.07.14 20:17:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl 
[2012.07.13 17:11:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.07.13 12:27:59 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.13 09:47:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.07.07 19:10:25 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.07.07 19:10:24 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.07.03 18:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.07.16 17:23:57 | 000,624,883 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe [2012.07.15 19:31:01 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd62af9a461ba0.job [2012.07.07 19:10:24 | 000,000,308 | -H-- | C] () -- 
C:\WINDOWS\tasks\avast! Emergency Update.job [2012.03.16 14:51:55 | 001,456,640 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\Falk Navi-Manager.msi [2012.03.16 14:49:31 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc [2012.02.21 18:37:58 | 000,008,041 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel [2012.02.17 15:36:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.28 16:16:05 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2011.12.07 21:01:55 | 000,265,680 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-861567501-1957994488-1343024091-500-0.dat [2011.12.07 21:01:42 | 000,265,680 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.06.24 11:39:28 | 000,083,968 | ---- | C] () -- C:\WINDOWS\UnGins.exe [2011.06.24 11:38:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll [2011.06.24 11:38:55 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll [2011.03.17 12:33:16 | 000,043,028 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.01.25 15:57:34 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2009.02.19 16:15:16 | 000,069,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2011.08.11 23:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\.minecraft [2011.08.11 13:34:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoft [2011.05.16 20:47:41 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers [2009.03.01 17:24:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\e frontier [2012.01.24 23:44:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0 [2012.02.06 00:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ [2012.04.11 13:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express [2011.12.07 20:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung [2012.04.10 18:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SoftGrid Client [2012.04.11 13:38:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird [2012.02.21 12:22:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TP [2009.02.18 18:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software [2012.07.13 10:09:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WordToPDF [2012.02.01 21:24:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2009.02.18 18:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DFX [2012.02.05 22:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2012.01.01 19:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2009.02.18 18:48:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2012.04.04 19:28:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VirtualizedApplications 
[2011.02.17 11:07:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.02.05 22:20:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\{DCD48218-E972-4d0c-9E5F-43462BC13E3B} [2009.02.18 19:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job [2012.07.07 19:10:24 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job [2012.07.17 08:12:37 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.11 23:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\.minecraft [2012.01.30 19:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe [2011.09.02 16:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Apple Computer [2011.06.15 21:35:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\codeblocks [2009.02.18 19:33:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CyberLink [2012.01.27 21:15:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdcss [2011.08.11 13:34:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoft [2011.05.16 20:47:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers [2009.03.01 17:24:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\e frontier [2009.02.19 14:21:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Google [2012.01.24 23:44:29 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0 [2009.07.18 18:03:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HP [2012.02.06 00:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ [2009.02.18 18:50:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities [2012.04.11 13:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express [2009.02.18 19:24:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia [2012.01.30 15:17:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2009.02.19 15:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Media Player Classic [2012.02.21 13:22:37 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft [2009.02.18 18:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla [2009.02.19 14:13:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nero [2011.12.07 20:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung [2012.04.10 18:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SoftGrid Client [2009.02.18 18:40:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun [2012.04.11 13:38:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird [2012.02.21 12:22:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TP [2009.02.18 18:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Administrator\Anwendungsdaten\TuneUp Software [2012.03.21 17:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc [2012.02.05 22:32:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Winamp [2009.02.18 19:44:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR [2012.07.13 10:09:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WordToPDF < %APPDATA%\*.exe /s > [2011.04.06 18:48:16 | 000,270,848 | ---- | M] (Teckda) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\.minecraft\Minecraft Custom Nickname Loader.exe [2011.01.14 12:37:54 | 000,232,501 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\.minecraft\Minecraft.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.10.18 11:04:54 | 017,819,574 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: AHCIX86.SYS > [2008.10.18 15:16:23 | 000,119,808 | ---- | M] (ATI Technologies Inc.) 
MD5=F1B9E3A223CA684D98BB91FD82157601 -- C:\WINDOWS\NLDRV\255\ahcix86.sys < MD5 for: ATAPI.SYS > [2008.10.18 11:04:54 | 017,819,574 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.10.18 11:54:40 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.10.18 11:54:40 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2008.10.18 15:16:45 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\287\iastor.sys < MD5 for: NETLOGON.DLL > [2008.10.18 10:56:39 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B4D6D344EACDA356D4AAAC7757955F0C -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.10.18 10:56:39 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B4D6D344EACDA356D4AAAC7757955F0C -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.10.18 10:56:39 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B4D6D344EACDA356D4AAAC7757955F0C -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATABUS.SYS > [2008.10.18 15:17:31 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\NLDRV\309\nvatabus.sys [2008.10.18 15:17:48 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\NLDRV\314\nvatabus.sys < MD5 for: NVGTS.SYS > [2008.10.18 15:17:46 | 000,105,984 | ---- | M] (NVIDIA 
Corporation) MD5=4BC4BAAED05161E0D331627E90A10745 -- C:\WINDOWS\NLDRV\313\nvgts.sys < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: VIAMRAID.SYS > [2008.10.18 15:18:23 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=3A82A61E312ADDB3BE8F1FE3481842B1 -- C:\WINDOWS\NLDRV\366\viamraid.sys < MD5 for: VIPRT.SYS > [2008.10.18 15:18:24 | 000,053,248 | ---- | M] (VIA Technologies, Inc.) 
MD5=682D704CA5B1FEDE6C4BEF0E2188745C -- C:\WINDOWS\NLDRV\369\viprt.sys < MD5 for: WINLOGON.EXE > [2008.10.18 10:57:39 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=8069CBC1DAA6DE61A6B438EA0D4AE2A0 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.10.18 10:57:39 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=8069CBC1DAA6DE61A6B438EA0D4AE2A0 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.10.18 10:57:39 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=8069CBC1DAA6DE61A6B438EA0D4AE2A0 -- C:\WINDOWS\system32\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.02.18 18:49:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009.02.18 18:49:47 | 002,625,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009.02.18 18:49:46 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
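One thing the helpers do with the "< MD5 for: ... >" sections of the OTL log above is check that every copy of a critical system file (the one in system32, the dllcache copy and the ERDNT backup) carries the same hash: a system32 copy whose MD5 differs from its own backups is the classic sign of a patched file. The following Python script is an added example, not part of this thread and not OTL's own code; it parses those sections (the sample input is a constructed excerpt of the lines posted above) and reports every copy whose hash disagrees with the majority. On this log the only disagreement is the winlogon.exe under the Malwarebytes Chameleon folder, a third-party copy rather than a Windows one, which is exactly the distinction the report's last column makes.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: two "< MD5 for: ... >" sections copied from the OTL log
# posted above, followed by the next custom-scan header that ends the block.
SAMPLE_LOG = r"""< MD5 for: ATAPI.SYS >
[2008.10.18 11:04:54 | 017,819,574 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.10.18 11:54:40 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.10.18 11:54:40 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: WINLOGON.EXE >
[2008.10.18 10:57:39 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=8069CBC1DAA6DE61A6B438EA0D4AE2A0 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.10.18 10:57:39 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=8069CBC1DAA6DE61A6B438EA0D4AE2A0 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.10.18 10:57:39 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=8069CBC1DAA6DE61A6B438EA0D4AE2A0 -- C:\WINDOWS\system32\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< %systemroot%\System32\config\*.sav >
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >$")
# One OTL file entry: [stamp | size | attrs | M] (Company) MD5=... -- path
# or, for a driver-cache archive member, (Company) .cab file -- archive:member
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^\]]+)\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)|\.cab file -- (?P<cab>.+))$"
)


def parse_md5_sections(text):
    """Return {FILE NAME: [(path, md5 or None, company), ...]} from an OTL log."""
    sections = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            sections[current] = []
            continue
        if line.startswith("<"):
            current = None  # any other "< ... >" header ends the MD5 block
            continue
        if current is None:
            continue
        e = ENTRY_RE.match(line)
        if not e:
            continue
        if e.group("cab"):
            # .cab members carry no hash in the log; keep them for completeness
            sections[current].append((e.group("cab"), None, e.group("company")))
        else:
            sections[current].append((e.group("path"), e.group("md5").upper(), e.group("company")))
    return sections


def find_hash_conflicts(sections):
    """Return {FILE NAME: {md5: [paths]}} for files whose hashed copies disagree."""
    conflicts = {}
    for name, entries in sections.items():
        by_hash = defaultdict(list)
        for path, md5, _company in entries:
            if md5 is not None:
                by_hash[md5].append(path)
        if len(by_hash) > 1:
            conflicts[name] = dict(by_hash)
    return conflicts


def outlier_copies(sections):
    """List (file, path, md5) for copies whose hash differs from the most common
    hash of that file. A copy under the Windows directory showing up here is the
    classic sign of a patched system file; a third-party copy usually is not."""
    out = []
    for name, entries in sections.items():
        hashed = [(p, h) for p, h, _ in entries if h is not None]
        if len(hashed) < 2:
            continue
        reference, _ = Counter(h for _, h in hashed).most_common(1)[0]
        for path, h in hashed:
            if h != reference:
                out.append((name, path, h))
    return out


def is_system_path(path):
    """True for paths under C:\\WINDOWS, where a hash mismatch matters most."""
    return path.lower().startswith("c:\\windows\\")


if __name__ == "__main__":
    parsed = parse_md5_sections(SAMPLE_LOG)
    for name, path, md5 in outlier_copies(parsed):
        where = "WINDOWS DIRECTORY" if is_system_path(path) else "third-party location"
        print(f"{name}: {path} has MD5 {md5} ({where})")
```

Ties (two copies, two hashes, as with the two NLDRV versions of nvatabus.sys in the full log) are reported as well, with an arbitrary copy chosen as reference; the operator still decides whether such a pair is two legitimate driver versions or something to look at more closely.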
18.07.2012, 14:59 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus found: NSIS:Bundlore-B[Adw] Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-861567501-1957994488-1343024091-500\..\URLSearchHook: - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
:Files
D:\Eigene Dateien\Downloads\setup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: the script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used anywhere else, as it can permanently damage the system!
__________________ Logfiles bitte immer in CODE-Tags posten |
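The fix above deletes several Explorer AutoRun policy values (NoDriveTypeAutoRun = 323, 149 and 145, NoDriveAutoRun = 67108863) without saying what they did. Those numbers are bitmasks with documented meanings: NoDriveTypeAutoRun has one bit per GetDriveType() value (0x01 unknown, 0x04 removable, 0x08 fixed, 0x10 network, 0x20 CD-ROM, 0x40 RAM disk, 0x80 a second "unknown" bit), and NoDriveAutoRun is a 26-bit drive-letter map (bit 0 = A:, bit 25 = Z:). The Python below is an added example, not part of this thread and not OTL's code: it parses O6/O7 policy lines from OTL output and decodes both masks so you can see what a policy was doing before you remove it. Function names are the example's own; the sample lines are copied from the script above.

```python
import re

# NoDriveTypeAutoRun: a set bit (1 << GetDriveType() value) disables AutoRun
# for that drive type. Microsoft documents 0x80 as a second "unknown type"
# bit; 0xFF disables AutoRun for every type.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_UNKNOWN_0x80",
}
KNOWN_TYPE_MASK = 0xFF

# OTL prints machine policies as "O6 - HKLM\...\policies\Explorer: Name = Value"
# and per-user policies as "O7 - HKU\<SID>\...\policies\Explorer: Name = Value".
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>.+?)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\policies\\Explorer: (?P<name>\w+) = (?P<value>\d+)$",
    re.IGNORECASE,
)

# Lines copied from the OTL script in this thread (not constructed).
SAMPLE_LINES = [
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323",
    r"O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149",
    r"O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323",
    r"O7 - HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863",
]


def decode_drive_type_mask(value):
    """Return (drive types with AutoRun disabled, bits outside the documented 0xFF mask)."""
    disabled = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    return disabled, value & ~KNOWN_TYPE_MASK


def decode_drive_letter_mask(value):
    """NoDriveAutoRun is a drive-letter bitmap: bit 0 = A:, ..., bit 25 = Z:."""
    return [f"{chr(ord('A') + i)}:" for i in range(26) if value & (1 << i)]


def parse_policies(lines):
    """Map (hive, policy name) -> integer value for every O6/O7 Explorer policy line."""
    found = {}
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            found[(m.group("hive"), m.group("name"))] = int(m.group("value"))
    return found


def autorun_summary(lines):
    """Per hive: what the AutoRun policies OTL found actually switch off."""
    policies = parse_policies(lines)
    summary = {}
    for hive in sorted({h for h, _ in policies}):
        type_value = policies.get((hive, "NoDriveTypeAutoRun"))
        types, undefined = decode_drive_type_mask(type_value) if type_value is not None else ([], 0)
        letters = decode_drive_letter_mask(policies.get((hive, "NoDriveAutoRun"), 0))
        summary[hive] = {
            "NoDriveTypeAutoRun": type_value,
            "types_disabled": types,
            "undefined_bits": undefined,
            "letters_disabled": letters,
            # With every letter A:-Z: masked, the type mask no longer matters.
            "all_letters_blocked": len(letters) == 26,
            "honor_autorun_setting": policies.get((hive, "HonorAutoRunSetting")),
        }
    return summary


if __name__ == "__main__":
    for hive, info in autorun_summary(SAMPLE_LINES).items():
        print(hive, info)
```

Run against the lines above, the decoder shows that 323 (0x143) only covers unknown, no-root-dir and RAM-disk drives plus an undefined 0x100 bit, so on its own it leaves removable and CD-ROM AutoRun enabled, while 67108863 (0x3FFFFFF) blocks every drive letter and makes the type mask irrelevant; 145 (0x91) and 149 (0x95) are the usual "unknown, network" and "unknown, removable, network" settings. Deleting the values, as the fix does, returns AutoRun handling to the OS default rather than to "off"; if AutoRun should stay disabled afterwards, set the policy deliberately.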
18.07.2012, 15:34 | #23 |
| Virusfund NSIS:Bundlore-B[Adw] Man, man, man, quite a lot of logs, and here comes the next one already:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
HKU\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip deleted successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard deleted successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood deleted successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
========== FILES ==========
File\Folder D:\Eigene Dateien\Downloads\setup.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 398429 bytes
->Temporary Internet Files folder emptied: 170609 bytes
->Java cache emptied: 12935570 bytes
->FireFox cache emptied: 327774735 bytes
->Google Chrome cache emptied: 268428089 bytes
->Flash cache emptied: 3153 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36098 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 234240 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 582,00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.0 log created on 07182012_162858
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\sigD.tmp not found!
PendingFileRenameOperations files...
File C:\WINDOWS\temp\sigD.tmp not found!
Registry entries deleted on Reboot... |
18.07.2012, 20:29 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virusfund NSIS:Bundlore-B[Adw] Please now run this Kaspersky tool (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the antivirus scanner before you run TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool!
Configure the tool as shown in the image below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs.
Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________
Please always post logfiles in CODE tags |
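The instruction above is to skip everything TDSS-Killer flags and post the log instead, which for a full driver enumeration means reading a few hundred lines to find the handful that matter. Each service appears as a file record ("name (md5) path"), an optional verdict line ("name ( Verdict ) - level"), an optional detection line ("name - detected Verdict (n)") and otherwise "name - ok". The Python below is an added example, not part of the thread and not Kaspersky's code: it folds those lines into one record per service, confirms from the "Mode:" line which scan options were on (SigCheck, TDLFS), and separates the generic UnsignedFile.Multi.Generic warnings from any other verdict. The first lines of the sample are taken from the log posted later in this thread; the sample_driver lines are constructed to show a non-generic verdict and describe no real file.

```python
import re
from collections import OrderedDict

# One TDSSKiller log line: "<hh:mm:ss.ffff> <thread id> <text>".
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# The four per-service text shapes that appear in the log.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
LEVEL_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<level>\w+)$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Lines 1-13 copied from the TDSSKiller log in this thread; the three
# sample_driver lines are constructed (hypothetical name, hash and verdict).
SAMPLE_LOG = r"""
08:13:19.0286 3976 Scan started
08:13:19.0286 3976 Mode: Manual; SigCheck; TDLFS;
08:13:19.0887 3976 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:13:20.0148 3976 Aavmker4 - ok
08:13:20.0178 3976 Abiosdsk - ok
08:13:23.0112 3976 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:13:23.0142 3976 Apple Mobile Device - ok
08:13:23.0562 3976 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
08:13:23.0582 3976 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
08:13:23.0582 3976 Aspi32 - detected UnsignedFile.Multi.Generic (1)
08:13:26.0236 3976 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys
08:13:26.0246 3976 avmeject ( UnsignedFile.Multi.Generic ) - warning
08:13:26.0246 3976 avmeject - detected UnsignedFile.Multi.Generic (1)
08:13:40.0000 3976 sample_driver (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\drivers\sample_driver.sys
08:13:40.0010 3976 sample_driver ( Rootkit.Example.Constructed ) - infected
08:13:40.0010 3976 sample_driver - detected Rootkit.Example.Constructed (0)
"""


def _new_record(name):
    return {"name": name, "md5": None, "path": None, "verdict": None, "level": None, "status": None}


def scan_options(text):
    """Options recorded on the 'Mode:' line, e.g. {'Manual', 'SigCheck', 'TDLFS'}."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and m.group("rest").startswith("Mode:"):
            return {o.strip() for o in m.group("rest")[len("Mode:"):].split(";") if o.strip()}
    return set()


def parse_tdsskiller(text):
    """Fold the per-service lines of a TDSSKiller log into one record per service."""
    records = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        # Order matters: the file record is the only shape with a 32-hex-digit group.
        for kind, rx in (("file", FILE_RE), ("detected", DETECT_RE), ("level", LEVEL_RE), ("ok", OK_RE)):
            mm = rx.match(rest)
            if not mm:
                continue
            rec = records.setdefault(mm.group("name"), _new_record(mm.group("name")))
            if kind == "file":
                rec["md5"], rec["path"] = mm.group("md5"), mm.group("path")
            elif kind == "detected":
                rec["verdict"], rec["status"] = mm.group("verdict"), "detected"
            elif kind == "level":
                rec["verdict"], rec["level"] = mm.group("verdict"), mm.group("level")
            else:
                rec["status"] = "ok"
            break
    return list(records.values())


def triage(records):
    """Split flagged services into generic unsigned-file warnings and everything else."""
    flagged = [r for r in records if r["verdict"]]
    unsigned = [r for r in flagged if r["verdict"].startswith("UnsignedFile.")]
    other = [r for r in flagged if not r["verdict"].startswith("UnsignedFile.")]
    return unsigned, other


if __name__ == "__main__":
    print("scan options:", sorted(scan_options(SAMPLE_LOG)))
    unsigned, other = triage(parse_tdsskiller(SAMPLE_LOG))
    for r in unsigned:
        print("unsigned (review):", r["name"], r["md5"], r["path"])
    for r in other:
        print("DETECTION:", r["name"], r["verdict"], r["level"], r["md5"], r["path"])
```

UnsignedFile.Multi.Generic only says the binary carries no digital signature, which is normal for older third-party drivers, so those records go to a review list with the MD5 and path for a hash lookup; anything with another verdict is printed separately so it is not lost in the noise. The triage does not decide for you, which matches the "skip and post the log" instruction.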
19.07.2012, 07:18 | #25 |
| Virusfund NSIS:Bundlore-B[Adw] Good morning Arne! Here is the log:
Code:
08:12:59.0498 3960 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
08:12:59.0698 3960 ============================================================
08:12:59.0698 3960 Current date / time: 2012/07/19 08:12:59.0698
08:12:59.0698 3960 SystemInfo:
08:12:59.0698 3960 
08:12:59.0698 3960 OS Version: 5.1.2600 ServicePack: 3.0
08:12:59.0698 3960 Product type: Workstation
08:12:59.0698 3960 ComputerName: MIRIAM-PC
08:12:59.0698 3960 UserName: Administrator
08:12:59.0698 3960 Windows directory: C:\WINDOWS
08:12:59.0698 3960 System windows directory: C:\WINDOWS
08:12:59.0698 3960 Processor architecture: Intel x86
08:12:59.0698 3960 Number of processors: 1
08:12:59.0698 3960 Page size: 0x1000
08:12:59.0698 3960 Boot type: Normal boot
08:12:59.0698 3960 ============================================================
08:13:01.0941 3960 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:13:01.0961 3960 ============================================================
08:13:01.0961 3960 \Device\Harddisk0\DR0:
08:13:01.0961 3960 MBR partitions:
08:13:01.0961 3960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
08:13:01.0971 3960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x643690E
08:13:01.0971 3960 ============================================================
08:13:02.0031 3960 C: <-> \Device\Harddisk0\DR0\Partition0
08:13:02.0142 3960 D: <-> \Device\Harddisk0\DR0\Partition1
08:13:02.0242 3960 ============================================================
08:13:02.0242 3960 Initialize success
08:13:02.0242 3960 ============================================================
08:13:19.0286 3976 ============================================================
08:13:19.0286 3976 Scan started
08:13:19.0286 3976 Mode: Manual; SigCheck; TDLFS;
08:13:19.0286 3976 
============================================================ 08:13:19.0887 3976 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys 08:13:20.0148 3976 Aavmker4 - ok 08:13:20.0178 3976 Abiosdsk - ok 08:13:20.0218 3976 abp480n5 - ok 08:13:20.0298 3976 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 08:13:21.0209 3976 ACPI - ok 08:13:21.0279 3976 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 08:13:21.0509 3976 ACPIEC - ok 08:13:21.0600 3976 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 08:13:21.0660 3976 AdobeFlashPlayerUpdateSvc - ok 08:13:21.0710 3976 adpu160m - ok 08:13:21.0790 3976 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 08:13:22.0070 3976 aec - ok 08:13:22.0130 3976 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys 08:13:22.0180 3976 AFD - ok 08:13:22.0230 3976 Aha154x - ok 08:13:22.0271 3976 aic78u2 - ok 08:13:22.0321 3976 aic78xx - ok 08:13:22.0401 3976 ALCXWDM (0f1c1165e6e741b29242e0621fac6924) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 08:13:22.0481 3976 ALCXWDM - ok 08:13:22.0511 3976 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 08:13:22.0761 3976 Alerter - ok 08:13:22.0801 3976 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 08:13:22.0921 3976 ALG - ok 08:13:22.0952 3976 AliIde - ok 08:13:22.0982 3976 amsint - ok 08:13:23.0112 3976 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 08:13:23.0142 3976 Apple Mobile Device - ok 08:13:23.0222 3976 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll 08:13:23.0342 3976 AppMgmt - ok 08:13:23.0372 3976 asc - ok 08:13:23.0422 3976 asc3350p - ok 08:13:23.0462 3976 asc3550 - ok 08:13:23.0562 3976 Aspi32 
(b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys 08:13:23.0582 3976 Aspi32 ( UnsignedFile.Multi.Generic ) - warning 08:13:23.0582 3976 Aspi32 - detected UnsignedFile.Multi.Generic (1) 08:13:23.0683 3976 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 08:13:23.0703 3976 aspnet_state - ok 08:13:23.0793 3976 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys 08:13:23.0823 3976 aswFsBlk - ok 08:13:23.0873 3976 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys 08:13:23.0903 3976 aswMon2 - ok 08:13:23.0973 3976 aswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\aswRdr.sys 08:13:23.0993 3976 aswRdr - ok 08:13:24.0113 3976 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys 08:13:24.0183 3976 aswSnx - ok 08:13:24.0253 3976 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys 08:13:24.0313 3976 aswSP - ok 08:13:24.0364 3976 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys 08:13:24.0394 3976 aswTdi - ok 08:13:24.0434 3976 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 08:13:24.0664 3976 AsyncMac - ok 08:13:24.0724 3976 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 08:13:24.0984 3976 atapi - ok 08:13:25.0035 3976 Atdisk - ok 08:13:25.0085 3976 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 08:13:25.0345 3976 Atmarpc - ok 08:13:25.0385 3976 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 08:13:25.0675 3976 AudioSrv - ok 08:13:25.0716 3976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 08:13:26.0006 3976 audstub - ok 08:13:26.0116 3976 avast! 
Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Programme\AVAST Software\Avast\AvastSvc.exe 08:13:26.0166 3976 avast! Antivirus - ok 08:13:26.0236 3976 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys 08:13:26.0246 3976 avmeject ( UnsignedFile.Multi.Generic ) - warning 08:13:26.0246 3976 avmeject - detected UnsignedFile.Multi.Generic (1) 08:13:26.0306 3976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 08:13:26.0557 3976 Beep - ok 08:13:26.0657 3976 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 08:13:26.0977 3976 BITS - ok 08:13:27.0118 3976 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe 08:13:27.0168 3976 Bonjour Service - ok 08:13:27.0238 3976 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 08:13:27.0488 3976 Browser - ok 08:13:27.0829 3976 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 08:13:28.0099 3976 BthEnum - ok 08:13:28.0159 3976 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys 08:13:28.0429 3976 BTHMODEM - ok 08:13:28.0479 3976 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys 08:13:28.0750 3976 BthPan - ok 08:13:28.0840 3976 BTHPORT (f55bfd05892c321fb7470d334d6b44e1) C:\WINDOWS\system32\Drivers\BTHport.sys 08:13:28.0900 3976 BTHPORT - ok 08:13:28.0950 3976 BthServ (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll 08:13:29.0221 3976 BthServ - ok 08:13:29.0261 3976 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys 08:13:29.0541 3976 BTHUSB - ok 08:13:29.0611 3976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 08:13:29.0851 3976 cbidf2k - ok 08:13:29.0902 3976 cd20xrnt - ok 08:13:29.0952 3976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 08:13:30.0192 3976 Cdaudio - ok 
08:13:30.0242 3976 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 08:13:30.0502 3976 Cdfs - ok 08:13:30.0562 3976 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 08:13:30.0613 3976 Cdrom - ok 08:13:30.0633 3976 Changer - ok 08:13:30.0693 3976 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 08:13:30.0943 3976 CiSvc - ok 08:13:30.0983 3976 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 08:13:31.0263 3976 ClipSrv - ok 08:13:31.0364 3976 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:13:31.0404 3976 clr_optimization_v2.0.50727_32 - ok 08:13:31.0494 3976 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:13:31.0554 3976 clr_optimization_v4.0.30319_32 - ok 08:13:31.0574 3976 CmdIde - ok 08:13:31.0624 3976 COMSysApp - ok 08:13:31.0684 3976 Cpqarray - ok 08:13:31.0774 3976 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 08:13:32.0035 3976 CryptSvc - ok 08:13:32.0075 3976 dac2w2k - ok 08:13:32.0125 3976 dac960nt - ok 08:13:32.0215 3976 DcomLaunch (d3d765e8455a961ae567b408f767d4f9) C:\WINDOWS\system32\rpcss.dll 08:13:32.0315 3976 DcomLaunch - ok 08:13:32.0385 3976 Dhcp (820110cffee9690d64f67d941ddb7879) C:\WINDOWS\System32\dhcpcsvc.dll 08:13:32.0445 3976 Dhcp - ok 08:13:32.0495 3976 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys 08:13:32.0525 3976 Disk - ok 08:13:32.0585 3976 dmadmin - ok 08:13:32.0726 3976 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 08:13:33.0026 3976 dmboot - ok 08:13:33.0076 3976 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 08:13:33.0326 3976 dmio - ok 08:13:33.0397 3976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 08:13:33.0667 
3976 dmload - ok 08:13:33.0727 3976 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 08:13:33.0987 3976 dmserver - ok 08:13:34.0037 3976 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 08:13:34.0278 3976 DMusic - ok 08:13:34.0348 3976 Dnscache (4548494812ba3b416d489e0c6af8d643) C:\WINDOWS\System32\dnsrslvr.dll 08:13:34.0388 3976 Dnscache - ok 08:13:34.0458 3976 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 08:13:34.0718 3976 Dot3svc - ok 08:13:34.0748 3976 dpti2o - ok 08:13:34.0809 3976 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 08:13:35.0059 3976 drmkaud - ok 08:13:35.0109 3976 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 08:13:35.0399 3976 EapHost - ok 08:13:35.0429 3976 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 08:13:35.0730 3976 ERSvc - ok 08:13:35.0780 3976 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys 08:13:36.0030 3976 es1371 - ok 08:13:36.0080 3976 Eventlog (f0a7d59af279326528715b206669b86c) C:\WINDOWS\system32\services.exe 08:13:36.0120 3976 Eventlog - ok 08:13:36.0211 3976 EventSystem (ada7241c16f3f42c7f210539fad5f3aa) C:\WINDOWS\system32\es.dll 08:13:36.0261 3976 EventSystem - ok 08:13:36.0321 3976 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 08:13:36.0561 3976 Fastfat - ok 08:13:36.0621 3976 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 08:13:36.0691 3976 FastUserSwitchingCompatibility - ok 08:13:36.0751 3976 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 08:13:37.0022 3976 Fdc - ok 08:13:37.0072 3976 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 08:13:37.0332 3976 Fips - ok 08:13:37.0382 3976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 
08:13:37.0653 3976 Flpydisk - ok 08:13:37.0703 3976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 08:13:37.0943 3976 FltMgr - ok 08:13:38.0043 3976 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 08:13:38.0083 3976 FontCache3.0.0.0 - ok 08:13:38.0123 3976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 08:13:38.0384 3976 Fs_Rec - ok 08:13:38.0434 3976 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 08:13:38.0684 3976 Ftdisk - ok 08:13:38.0754 3976 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys 08:13:38.0794 3976 FWLANUSB - ok 08:13:38.0864 3976 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 08:13:39.0145 3976 gameenum - ok 08:13:39.0185 3976 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 08:13:39.0215 3976 GEARAspiWDM - ok 08:13:39.0275 3976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 08:13:39.0565 3976 Gpc - ok 08:13:39.0646 3976 gupdate1c9928c6e787940 (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe 08:13:39.0696 3976 gupdate1c9928c6e787940 - ok 08:13:39.0736 3976 gupdatem (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe 08:13:39.0766 3976 gupdatem - ok 08:13:39.0796 3976 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys 08:13:39.0836 3976 hamachi - ok 08:13:39.0906 3976 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 08:13:40.0166 3976 helpsvc - ok 08:13:40.0196 3976 HidServ - ok 08:13:40.0226 3976 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 08:13:40.0487 3976 hidusb - ok 08:13:40.0537 3976 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 
08:13:40.0817 3976 hkmsvc - ok 08:13:40.0847 3976 hpn - ok 08:13:40.0907 3976 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 08:13:40.0957 3976 HPZid412 - ok 08:13:40.0997 3976 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 08:13:41.0068 3976 HPZipr12 - ok 08:13:41.0108 3976 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 08:13:41.0158 3976 HPZius12 - ok 08:13:41.0228 3976 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 08:13:41.0458 3976 HSFHWBS2 - ok 08:13:41.0608 3976 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 08:13:41.0909 3976 HSF_DP - ok 08:13:41.0979 3976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 08:13:42.0029 3976 HTTP - ok 08:13:42.0069 3976 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 08:13:42.0319 3976 HTTPFilter - ok 08:13:42.0349 3976 i2omgmt - ok 08:13:42.0379 3976 i2omp - ok 08:13:42.0430 3976 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 08:13:42.0680 3976 i8042prt - ok 08:13:42.0790 3976 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 08:13:42.0810 3976 IDriverT ( UnsignedFile.Multi.Generic ) - warning 08:13:42.0810 3976 IDriverT - detected UnsignedFile.Multi.Generic (1) 08:13:42.0980 3976 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 08:13:43.0060 3976 idsvc - ok 08:13:43.0121 3976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 08:13:43.0381 3976 Imapi - ok 08:13:43.0461 3976 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 08:13:43.0681 3976 ImapiService - ok 08:13:43.0751 3976 ini910u - ok 08:13:43.0822 3976 IntelIde - ok 08:13:43.0872 3976 
intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 08:13:44.0112 3976 intelppm - ok 08:13:44.0142 3976 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 08:13:44.0422 3976 Ip6Fw - ok 08:13:44.0482 3976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 08:13:44.0733 3976 IpFilterDriver - ok 08:13:44.0783 3976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 08:13:45.0023 3976 IpInIp - ok 08:13:45.0083 3976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 08:13:45.0314 3976 IpNat - ok 08:13:45.0464 3976 iPod Service (49918803b661367023bf325cf602afdc) C:\Programme\iPod\bin\iPodService.exe 08:13:45.0564 3976 iPod Service - ok 08:13:45.0614 3976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 08:13:45.0864 3976 IPSec - ok 08:13:45.0935 3976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 08:13:46.0035 3976 IRENUM - ok 08:13:46.0095 3976 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 08:13:46.0335 3976 isapnp - ok 08:13:46.0435 3976 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe 08:13:46.0465 3976 JavaQuickStarterService - ok 08:13:46.0515 3976 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 08:13:46.0776 3976 Kbdclass - ok 08:13:46.0826 3976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 08:13:47.0066 3976 kmixer - ok 08:13:47.0116 3976 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys 08:13:47.0166 3976 KSecDD - ok 08:13:47.0226 3976 LanmanServer (41202c42c8d1a4465ab121f806e93f24) C:\WINDOWS\System32\srvsvc.dll 08:13:47.0266 3976 LanmanServer - ok 08:13:47.0337 3976 lanmanworkstation (c9b816901c1abf28ba6c5b6cb65eb75b) C:\WINDOWS\System32\wkssvc.dll 08:13:47.0397 
3976 lanmanworkstation - ok 08:13:47.0417 3976 lbrtfdc - ok 08:13:47.0497 3976 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 08:13:47.0757 3976 LmHosts - ok 08:13:47.0857 3976 MDM (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE 08:13:47.0897 3976 MDM - ok 08:13:47.0957 3976 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 08:13:48.0218 3976 mdmxsdk - ok 08:13:48.0268 3976 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 08:13:48.0538 3976 Messenger - ok 08:13:48.0568 3976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 08:13:48.0809 3976 mnmdd - ok 08:13:48.0869 3976 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 08:13:49.0109 3976 mnmsrvc - ok 08:13:49.0179 3976 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 08:13:49.0430 3976 Modem - ok 08:13:49.0460 3976 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 08:13:49.0730 3976 MODEMCSA - ok 08:13:49.0760 3976 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 08:13:50.0020 3976 Mouclass - ok 08:13:50.0091 3976 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 08:13:50.0361 3976 mouhid - ok 08:13:50.0431 3976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 08:13:50.0691 3976 MountMgr - ok 08:13:50.0772 3976 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 08:13:50.0812 3976 MozillaMaintenance - ok 08:13:50.0852 3976 mraid35x - ok 08:13:50.0922 3976 MRxDAV (0a25b866933d126d1e831fd025a278c2) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 08:13:50.0982 3976 MRxDAV - ok 08:13:51.0082 3976 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 08:13:51.0152 3976 MRxSmb - ok 
08:13:51.0182 3976 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 08:13:51.0422 3976 MSDTC - ok 08:13:51.0533 3976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 08:13:51.0783 3976 Msfs - ok 08:13:51.0813 3976 MSIServer - ok 08:13:51.0863 3976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 08:13:52.0103 3976 MSKSSRV - ok 08:13:52.0144 3976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 08:13:52.0394 3976 MSPCLOCK - ok 08:13:52.0434 3976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 08:13:52.0684 3976 MSPQM - ok 08:13:52.0744 3976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 08:13:52.0975 3976 mssmbios - ok 08:13:53.0045 3976 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys 08:13:53.0105 3976 Mup - ok 08:13:53.0185 3976 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 08:13:53.0435 3976 napagent - ok 08:13:53.0505 3976 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys 08:13:53.0546 3976 NDIS - ok 08:13:53.0576 3976 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 08:13:53.0626 3976 NdisTapi - ok 08:13:53.0676 3976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 08:13:53.0926 3976 Ndisuio - ok 08:13:53.0976 3976 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 08:13:54.0026 3976 NdisWan - ok 08:13:54.0076 3976 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 08:13:54.0106 3976 NDProxy - ok 08:13:54.0146 3976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 08:13:54.0407 3976 NetBIOS - ok 08:13:54.0467 3976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 08:13:54.0707 3976 NetBT - ok 
08:13:54.0767 3976 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 08:13:55.0018 3976 NetDDE - ok 08:13:55.0038 3976 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 08:13:55.0378 3976 NetDDEdsdm - ok 08:13:55.0448 3976 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 08:13:55.0759 3976 Netlogon - ok 08:13:55.0879 3976 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 08:13:56.0159 3976 Netman - ok 08:13:56.0269 3976 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:13:56.0289 3976 NetTcpPortSharing - ok 08:13:56.0380 3976 Nla (4aa50627b01c0e9c6b4c6bd3af648f12) C:\WINDOWS\System32\mswsock.dll 08:13:56.0440 3976 Nla - ok 08:13:56.0480 3976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 08:13:56.0740 3976 Npfs - ok 08:13:56.0820 3976 Ntfs (a0857c97770034fd2af17dc4014b5abd) C:\WINDOWS\system32\drivers\Ntfs.sys 08:13:56.0900 3976 Ntfs - ok 08:13:56.0930 3976 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 08:13:57.0171 3976 NtLmSsp - ok 08:13:57.0261 3976 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 08:13:57.0541 3976 NtmsSvc - ok 08:13:57.0581 3976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 08:13:57.0822 3976 Null - ok 08:13:58.0192 3976 nv (b19c2aae0922072ff4a467f2a37620ad) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 08:13:58.0473 3976 nv - ok 08:13:58.0743 3976 NVSvc (8dd96310e0559ccad87eb52b5258b84b) C:\WINDOWS\system32\nvsvc32.exe 08:13:58.0823 3976 NVSvc - ok 08:13:58.0883 3976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 08:13:59.0134 3976 NwlnkFlt - ok 08:13:59.0184 3976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 08:13:59.0414 3976 NwlnkFwd - ok 08:13:59.0514 3976 ose 
(9d10f99a6712e28f8acd5641e3a7ea6b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 08:13:59.0544 3976 ose - ok 08:13:59.0624 3976 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 08:13:59.0915 3976 Parport - ok 08:13:59.0935 3976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 08:14:00.0215 3976 PartMgr - ok 08:14:00.0275 3976 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 08:14:00.0516 3976 ParVdm - ok 08:14:00.0586 3976 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 08:14:00.0826 3976 PCI - ok 08:14:00.0856 3976 PCIDump - ok 08:14:00.0906 3976 PCIIde - ok 08:14:00.0976 3976 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 08:14:01.0257 3976 Pcmcia - ok 08:14:01.0297 3976 PDCOMP - ok 08:14:01.0347 3976 PDFRAME - ok 08:14:01.0387 3976 PDRELI - ok 08:14:01.0437 3976 PDRFRAME - ok 08:14:01.0487 3976 perc2 - ok 08:14:01.0527 3976 perc2hib - ok 08:14:01.0717 3976 PlugPlay (f0a7d59af279326528715b206669b86c) C:\WINDOWS\system32\services.exe 08:14:01.0767 3976 PlugPlay - ok 08:14:01.0827 3976 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe 08:14:01.0847 3976 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 08:14:01.0847 3976 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 08:14:01.0918 3976 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 08:14:02.0158 3976 PolicyAgent - ok 08:14:02.0238 3976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 08:14:02.0478 3976 PptpMiniport - ok 08:14:02.0528 3976 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 08:14:02.0769 3976 ProtectedStorage - ok 08:14:02.0819 3976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 08:14:03.0089 3976 PSched - ok 08:14:03.0159 3976 
Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 08:14:03.0390 3976 Ptilink - ok 08:14:03.0450 3976 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 08:14:03.0480 3976 PxHelp20 - ok 08:14:03.0530 3976 ql1080 - ok 08:14:03.0590 3976 Ql10wnt - ok 08:14:03.0640 3976 ql12160 - ok 08:14:03.0690 3976 ql1240 - ok 08:14:03.0730 3976 ql1280 - ok 08:14:03.0790 3976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 08:14:04.0061 3976 RasAcd - ok 08:14:04.0151 3976 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 08:14:04.0411 3976 RasAuto - ok 08:14:04.0471 3976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 08:14:04.0752 3976 Rasl2tp - ok 08:14:04.0822 3976 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 08:14:05.0072 3976 RasMan - ok 08:14:05.0122 3976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 08:14:05.0373 3976 RasPppoe - ok 08:14:05.0443 3976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 08:14:05.0673 3976 Raspti - ok 08:14:05.0743 3976 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys 08:14:05.0803 3976 Rdbss - ok 08:14:05.0843 3976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 08:14:06.0064 3976 RDPCDD - ok 08:14:06.0144 3976 rdpdr (c694a927eb7c354f7ae97955043a9641) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 08:14:06.0184 3976 rdpdr - ok 08:14:06.0254 3976 RDPWD (997c59b9955f911ec460241dd9e01b04) C:\WINDOWS\system32\drivers\RDPWD.sys 08:14:06.0324 3976 RDPWD - ok 08:14:06.0374 3976 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 08:14:06.0644 3976 RDSessMgr - ok 08:14:06.0694 3976 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 08:14:06.0935 3976 redbook - ok 08:14:06.0985 3976 
RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 08:14:07.0245 3976 RemoteAccess - ok 08:14:07.0295 3976 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 08:14:07.0556 3976 RemoteRegistry - ok 08:14:07.0596 3976 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 08:14:07.0846 3976 RFCOMM - ok 08:14:07.0916 3976 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 08:14:08.0187 3976 RpcLocator - ok 08:14:08.0297 3976 RpcSs (d3d765e8455a961ae567b408f767d4f9) C:\WINDOWS\System32\rpcss.dll 08:14:08.0347 3976 RpcSs - ok 08:14:08.0397 3976 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys 08:14:08.0427 3976 rspndr - ok 08:14:08.0507 3976 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 08:14:08.0737 3976 RSVP - ok 08:14:08.0838 3976 RT73 (5eff124bfabac3e7fc2908be28906b1b) C:\WINDOWS\system32\DRIVERS\rt73.sys 08:14:08.0898 3976 RT73 - ok 08:14:08.0948 3976 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 08:14:09.0178 3976 SamSs - ok 08:14:09.0258 3976 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 08:14:09.0529 3976 SCardSvr - ok 08:14:09.0589 3976 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 08:14:09.0829 3976 Schedule - ok 08:14:09.0869 3976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 08:14:09.0969 3976 Secdrv - ok 08:14:10.0019 3976 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 08:14:10.0250 3976 seclogon - ok 08:14:10.0300 3976 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 08:14:10.0540 3976 SENS - ok 08:14:10.0590 3976 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 08:14:10.0860 3976 serenum - ok 08:14:10.0910 3976 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 
08:14:11.0141 3976 Serial - ok 08:14:11.0301 3976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 08:14:11.0551 3976 Sfloppy - ok 08:14:11.0632 3976 SharedAccess (65746507b64818a0dbaf7607c0d07c54) C:\WINDOWS\System32\ipnathlp.dll 08:14:11.0722 3976 SharedAccess - ok 08:14:11.0772 3976 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 08:14:11.0822 3976 ShellHWDetection - ok 08:14:11.0842 3976 Simbad - ok 08:14:11.0932 3976 Sparrow - ok 08:14:11.0972 3976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 08:14:12.0222 3976 splitter - ok 08:14:12.0292 3976 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 08:14:12.0333 3976 Spooler - ok 08:14:12.0373 3976 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 08:14:12.0503 3976 sr - ok 08:14:12.0553 3976 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 08:14:12.0683 3976 srservice - ok 08:14:12.0783 3976 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys 08:14:12.0843 3976 Srv - ok 08:14:12.0883 3976 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 08:14:13.0004 3976 SSDPSRV - ok 08:14:13.0104 3976 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 08:14:13.0344 3976 stisvc - ok 08:14:13.0414 3976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 08:14:13.0664 3976 swenum - ok 08:14:13.0715 3976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 08:14:13.0955 3976 swmidi - ok 08:14:13.0995 3976 SwPrv - ok 08:14:14.0045 3976 symc810 - ok 08:14:14.0085 3976 symc8xx - ok 08:14:14.0135 3976 sym_hi - ok 08:14:14.0185 3976 sym_u3 - ok 08:14:14.0255 3976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 08:14:14.0506 3976 sysaudio - ok 08:14:14.0576 3976 SysmonLog 
(2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 08:14:14.0846 3976 SysmonLog - ok 08:14:14.0916 3976 TapiSrv (6c02b5d856674eccce64ce8bb8dce8d9) C:\WINDOWS\System32\tapisrv.dll 08:14:14.0976 3976 TapiSrv - ok 08:14:15.0076 3976 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys 08:14:15.0137 3976 Tcpip - ok 08:14:15.0197 3976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 08:14:15.0437 3976 TDPIPE - ok 08:14:15.0467 3976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 08:14:15.0737 3976 TDTCP - ok 08:14:15.0788 3976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 08:14:16.0028 3976 TermDD - ok 08:14:16.0098 3976 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 08:14:16.0358 3976 TermService - ok 08:14:16.0438 3976 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 08:14:16.0468 3976 Themes - ok 08:14:16.0539 3976 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 08:14:16.0679 3976 TlntSvr - ok 08:14:16.0729 3976 TosIde - ok 08:14:16.0789 3976 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 08:14:17.0029 3976 TrkWks - ok 08:14:17.0169 3976 TuneUp.Defrag (0d630405311e1ae574bc2ec6681e485e) C:\WINDOWS\System32\TuneUpDefragService.exe 08:14:17.0250 3976 TuneUp.Defrag - ok 08:14:17.0290 3976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 08:14:17.0540 3976 Udfs - ok 08:14:17.0560 3976 ultra - ok 08:14:17.0660 3976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 08:14:17.0911 3976 Update - ok 08:14:17.0961 3976 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 08:14:18.0111 3976 upnphost - ok 08:14:18.0151 3976 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 08:14:18.0391 3976 UPS - ok 08:14:18.0461 3976 usbccgp 
(c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 08:14:18.0491 3976 usbccgp - ok 08:14:18.0541 3976 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys 08:14:18.0592 3976 usbehci - ok 08:14:18.0642 3976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 08:14:18.0872 3976 usbhub - ok 08:14:18.0942 3976 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 08:14:19.0192 3976 usbprint - ok 08:14:19.0232 3976 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 08:14:19.0463 3976 usbscan - ok 08:14:19.0513 3976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:14:19.0753 3976 USBSTOR - ok 08:14:19.0823 3976 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 08:14:20.0064 3976 usbuhci - ok 08:14:20.0114 3976 UxTuneUp (838c97b3d28bfebdd11d12adfe957004) C:\WINDOWS\System32\uxtuneup.dll 08:14:20.0144 3976 UxTuneUp - ok 08:14:20.0194 3976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 08:14:20.0434 3976 VgaSave - ok 08:14:20.0524 3976 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys 08:14:20.0564 3976 viaagp1 - ok 08:14:20.0614 3976 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\drivers\ViaIde.sys 08:14:20.0865 3976 ViaIde - ok 08:14:20.0905 3976 videX32 (eefa971bf5ebbfc7d93692ec60afcb78) C:\WINDOWS\system32\DRIVERS\videX32.sys 08:14:20.0925 3976 videX32 ( UnsignedFile.Multi.Generic ) - warning 08:14:20.0925 3976 videX32 - detected UnsignedFile.Multi.Generic (1) 08:14:20.0965 3976 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 08:14:21.0195 3976 VolSnap - ok 08:14:21.0275 3976 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 08:14:21.0416 3976 VSS - ok 08:14:21.0476 3976 W32Time (e2e2d6b1c3ba607e297c26139cb4aa58) 
C:\WINDOWS\system32\w32time.dll 08:14:21.0536 3976 W32Time - ok 08:14:21.0606 3976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 08:14:21.0876 3976 Wanarp - ok 08:14:21.0916 3976 WDICA - ok 08:14:21.0986 3976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 08:14:22.0217 3976 wdmaud - ok 08:14:22.0257 3976 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 08:14:22.0507 3976 WebClient - ok 08:14:22.0607 3976 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 08:14:22.0878 3976 winachsf - ok 08:14:22.0968 3976 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 08:14:23.0208 3976 winmgmt - ok 08:14:23.0308 3976 WinRM (eb4919c36fc13494b696a5e033c90dc8) C:\WINDOWS\system32\WsmSvc.dll 08:14:23.0408 3976 WinRM - ok 08:14:23.0489 3976 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll 08:14:23.0539 3976 WmdmPmSN - ok 08:14:23.0639 3976 Wmi (57fa31a965d8fc3172641a93618fbe9e) C:\WINDOWS\System32\advapi32.dll 08:14:23.0729 3976 Wmi - ok 08:14:23.0829 3976 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 08:14:24.0049 3976 WmiApSrv - ok 08:14:24.0200 3976 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe 08:14:24.0320 3976 WMPNetworkSvc - ok 08:14:24.0470 3976 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 08:14:24.0560 3976 WPFFontCache_v0400 - ok 08:14:24.0851 3976 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 08:14:25.0091 3976 WS2IFSL - ok 08:14:25.0141 3976 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 08:14:25.0401 3976 wscsvc - ok 08:14:25.0451 3976 wuauserv (e53ae6443f6319d7ec22672cd473eadb) C:\WINDOWS\system32\wuauserv.dll 08:14:25.0491 3976 wuauserv - ok 08:14:25.0532 
3976 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 08:14:25.0582 3976 WudfPf - ok 08:14:25.0672 3976 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 08:14:25.0712 3976 WudfRd - ok 08:14:25.0762 3976 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 08:14:25.0812 3976 WudfSvc - ok 08:14:25.0962 3976 WZCSVC (dee347dc347c633aa04e2fda8af332cc) C:\WINDOWS\System32\wzcsvc.dll 08:14:26.0042 3976 WZCSVC - ok 08:14:26.0102 3976 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 08:14:26.0343 3976 xmlprov - ok 08:14:26.0433 3976 ZY202_XP (6d0b121fe665626d266678ea97c75622) C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys 08:14:26.0493 3976 ZY202_XP ( UnsignedFile.Multi.Generic ) - warning 08:14:26.0503 3976 ZY202_XP - detected UnsignedFile.Multi.Generic (1) 08:14:26.0643 3976 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (5867ce254625645345c833510d24f124) C:\Programme\CyberLink\PowerDVD8\000.fcl 08:14:26.0673 3976 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok 08:14:26.0723 3976 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 08:14:27.0524 3976 \Device\Harddisk0\DR0 - ok 08:14:27.0564 3976 Boot (0x1200) (bf5e66d2474f56ef367d90914e85aee3) \Device\Harddisk0\DR0\Partition0 08:14:27.0574 3976 \Device\Harddisk0\DR0\Partition0 - ok 08:14:27.0605 3976 Boot (0x1200) (ed65a3b88422d0fa78b09ca2761d9cba) \Device\Harddisk0\DR0\Partition1 08:14:27.0615 3976 \Device\Harddisk0\DR0\Partition1 - ok 08:14:27.0635 3976 ============================================================ 08:14:27.0635 3976 Scan finished 08:14:27.0635 3976 ============================================================ 08:14:27.0775 2936 Detected object count: 6 08:14:27.0775 2936 Actual detected object count: 6 08:14:47.0593 2936 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user 08:14:47.0593 2936 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:14:47.0623 2936 avmeject ( 
UnsignedFile.Multi.Generic ) - skipped by user 08:14:47.0623 2936 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:14:47.0623 2936 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 08:14:47.0623 2936 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:14:47.0623 2936 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 08:14:47.0623 2936 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:14:47.0643 2936 videX32 ( UnsignedFile.Multi.Generic ) - skipped by user 08:14:47.0643 2936 videX32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:14:47.0643 2936 ZY202_XP ( UnsignedFile.Multi.Generic ) - skipped by user 08:14:47.0643 2936 ZY202_XP ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:16:39.0965 3964 Deinitialize success |
19.07.2012, 16:55 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virusfund NSIS:Bundlore-B[Adw] Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If you have trouble starting applications after running ComboFix and get messages such as Quote:
19.07.2012, 17:36 | #27 |
| Virusfund NSIS:Bundlore-B[Adw] Here is the requested ComboFix log: Code:
ATTFilter ComboFix 12-07-19.02 - Administrator 19.07.2012 18:20:09.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.546 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-19 bis 2012-07-19 )))))))))))))))))))))))))))))) . . 2012-07-18 14:28 . 2012-07-18 14:28 -------- d-----w- C:\_OTL 2012-07-15 20:11 . 2012-07-15 20:11 -------- d-----w- c:\programme\ESET 2012-07-15 17:39 . 2012-07-15 17:39 -------- d--h--w- c:\windows\PIF . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-13 07:46 . 2012-04-04 17:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-13 07:46 . 2012-01-30 17:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-03 16:21 . 2012-02-01 19:25 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2012-02-01 19:25 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2012-02-01 19:25 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2012-02-01 19:25 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-07-03 16:21 . 2012-02-01 19:25 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2012-02-01 19:25 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-07-03 16:21 . 2012-02-01 19:25 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-07-03 16:21 . 2012-02-01 19:25 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-07-03 16:21 . 2012-02-01 19:24 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2012-02-01 19:24 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-07-03 11:46 . 2012-01-30 13:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-05 15:49 . 
2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:49 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:35 . 2008-10-18 08:58 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-04 04:31 . 2008-10-18 08:56 153088 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2009-02-18 16:10 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2009-02-18 16:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2008-10-18 08:58 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2008-10-18 08:58 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2008-10-18 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2009-02-18 16:10 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2009-02-18 16:10 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2008-10-18 08:58 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2008-10-18 08:58 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-10-18 08:55 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2008-10-18 08:58 23576 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2009-02-18 16:10 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2009-02-18 16:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:18 . 2008-10-18 08:58 18160 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-06-02 13:18 . 2008-10-18 08:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-05-31 13:19 . 2008-10-18 08:55 604672 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:07 . 2008-10-18 09:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:55 . 2008-10-18 08:57 1872256 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:40 . 2008-10-18 08:59 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:40 . 
2008-10-18 08:59 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec 2012-05-02 13:45 . 2009-02-18 16:07 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-28 08:14 . 2012-03-16 12:51 1456640 ----a-w- c:\programme\Gemeinsame Dateien\Falk Navi-Manager.msi 2012-06-17 15:59 . 2011-09-04 11:07 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-10-18 . 451D0981F4CCA5697307AF90D799BDC3 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 121528 ----a-w- c:\programme\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="d:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-18 7626752] "AVMWlanClient"="c:\programme\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 283136] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IE7"="advpack.dll" [2009-03-08 128512] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c "FileHippo.com"="c:\programme\FileHippo.com\UpdateChecker.exe" /background . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"=c:\programme\HP\HP Software Update\HPWuSchd2.exe "HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe "QuickTime Task"="d:\programme\Apple\QuickTime\QTTask.exe" -atboottime "SoundMan"=SOUNDMAN.EXE "AppleSyncNotifier"=c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe "UnlockerAssistant"="d:\programme\Unlocker\UnlockerAssistant.exe" "iTunesHelper"="d:\programme\Apple\iTunes\iTunesHelper.exe" "APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "d:\\Programme\\Apple\\iTunes\\iTunes.exe"= "d:\programme\Microsoft ActiveSync\rapimgr.exe"= d:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "d:\programme\Microsoft ActiveSync\wcescomm.exe"= d:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "d:\programme\Microsoft ActiveSync\WCESMgr.exe"= d:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . 
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01.02.2012 21:25 721000] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01.02.2012 21:25 353688] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programme\CyberLink\PowerDVD8\000.fcl [01.02.2008 13:54 41456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01.02.2012 21:25 21256] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [19.02.2009 14:00 265088] S2 gupdate1c9928c6e787940;Google Update Service (gupdate1c9928c6e787940);c:\programme\Google\Update\GoogleUpdate.exe [19.02.2009 14:20 133104] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04.04.2012 19:19 250056] S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [19.02.2009 14:01 4352] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [19.02.2009 14:20 133104] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [13.05.2012 14:31 113120] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2009-02-18 c:\windows\Tasks\1-Klick-Wartung.job - c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-11 10:54] . 2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:47] . 2011-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57] . 2012-07-07 c:\windows\Tasks\avast! Emergency Update.job - c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-07 16:21] . 2011-10-04 c:\windows\Tasks\Google Software Updater.job - c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-19 15:36] . 
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd62af9a461ba0.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-02-19 12:20] . 2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1957994488-1343024091-500Core.job - c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-02-01 16:15] . 2012-07-19 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-06-30 20:18] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = uInternet Connection Wizard,ShellNext = hxxp://www.apple.com/quicktime/download uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\eeuby0m3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0); . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-07-19 18:30 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\programme\CyberLink\PowerDVD8\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,da,2d,ba,59,c3,c1,4c,82,ae,41,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,8e,1b,cf,76,26,7b,4a,96,fe,8a,\ . [HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%¸*]*] @Class="Shell" . [HKEY_USERS\S-1-5-21-861567501-1957994488-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%¸*]*\OpenWithList] @Class="Shell" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(3552) c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\AVAST Software\Avast\AvastSvc.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\rundll32.exe d:\progra~1\MICROS~1\rapimgr.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-07-19 18:36:48 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-19 16:36 . Vor Suchlauf: 8.718.282.752 Bytes frei Nach Suchlauf: 8.852.721.664 Bytes frei . - - End Of File - - 17DCD9392C01CE9E6E3DA43ABEFCE8E3 |
19.07.2012, 20:00 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virusfund NSIS:Bundlore-B[Adw] Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Important: under no circumstances press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
19.07.2012, 21:53 | #29 |
| Virus found NSIS:Bundlore-B[Adw] Good evening Arne! The GMER scan is done, but I will only run the other two tomorrow, since it is already quite late now. I will then post the logs together in one post tomorrow so that you have everything at a glance. As a precaution I also saved the GMER log separately, in case I cannot find it again. So then, have a nice evening and see you tomorrow! Good day, dear Arne! The scans are done and here are the results: GMER log: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-07-19 22:52:09 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-00CAA1 rev.17.07W17 Running: sjs1mwx1.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\uxryypod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF59D0536] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF5AA17BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF59D0F52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF5A10C31] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF59DBD7A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF59DBDC6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF59DBF48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF5A105E5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF59DBCE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF59DBE0A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF59DBD30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF59D1146] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF59DBF02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF59D18CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF59D0584] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF5A112F7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF5A115AD] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF59D4F36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF5A11162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF5A10FCD] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF5AA189E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF59D01EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF59D05D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF59D52A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF59D2292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF59DBDA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF59DBDE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF59DBF6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF5A10941] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenMutant [0xF59DBD0E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF59D4AAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF59DBE8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF59DBD58] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF59D4CDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF59DBF26] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF5AA1A1E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF5A10E48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF59D215E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF5A10C9A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF59D1D08] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF5AAD338] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF5A0FC58] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF59D0620] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF59D066E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF59D174A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF59D0276] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF59D0426] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF5A113FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF59D03CC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF59D1A2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF59D1B88] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF59D0496] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xF59D1468] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF59D15CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF59D06BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF59D0F96] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF5AB9744] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + F8 804E2764 4 Bytes CALL 9A43C525 .text ntoskrnl.exe!_abnormal_termination + 398 804E2A04 12 Bytes [20, 06, 9D, F5, 6E, 06, 9D, ...] 
{AND [ESI], AL; POPF ; CMC ; OUTSB ; PUSH ES; POPF ; CMC ; DEC EDX; POP SS; POPF ; CMC } .text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [2C, 1A, 9D, F5, 88, 1B, 9D, ...] {SUB AL, 0x1a; POPF ; CMC ; MOV [EBX], BL; POPF ; CMC ; XCHG ESI, EAX; ADD AL, 0x9d; CMC } PAGE ntoskrnl.exe!ObInsertObject 8056513A 5 Bytes JMP F5AB80FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB88 4 Bytes CALL F59D2943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8058304C 7 Bytes JMP F5AB9748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059EA53 5 Bytes JMP F5AB661C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6FCA360, 0x242F4E, 0xE8000020] .text win32k.sys!EngFreeUserMem + 674 BF8098C2 5 Bytes JMP F59D68C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C81E 5 Bytes JMP F59D67B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138B6 5 Bytes JMP F59D676A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E57B 5 Bytes JMP F59D53FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 197D BF820C88 5 Bytes JMP F59D5E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 11A6 BF82D486 5 Bytes JMP F59D5538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngLockSurface + C09 BF82E604 5 Bytes JMP F59D6A2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 654A BF83D87B 5 Bytes JMP F59D6C32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + BEF8 BF843229 5 Bytes JMP F59D6670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + DB9A BF844ECB 5 Bytes JMP F59D55A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + B0E1 BF864F7D 5 Bytes JMP F59D5E04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 350F BF8700CA 5 Bytes JMP F59D5EDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 5807 BF8723C2 5 Bytes JMP F59D5992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 5892 BF87244D 4 Bytes JMP F59D5C58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 646A BF873025 5 Bytes JMP F59D53E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + B839 BF8783F4 5 Bytes JMP F59D67FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnicodeToMultiByteN + 67E7 BF87F617 5 Bytes JMP F59D6972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35FB BF8988FD 5 Bytes JMP F59D5A52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4138 BF89943A 5 Bytes JMP F59D5C12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8B6696 5 Bytes JMP F59D5EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 2862 BF8B9DB5 5 Bytes JMP F59D6B90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 1A3D BF8C1DD0 4 Bytes JMP F59D56B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA232 5 Bytes JMP F59D5790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA4B2 3 Bytes JMP F59D58BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 179B BF8CA4B6 1 Byte [36] .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBE67 5 Bytes JMP F59D52DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + CB41 BF8F4E6A 5 Bytes JMP F59D5E34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A2D BF9138DA 5 Bytes JMP F59D54D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2601 BF9144AE 5 Bytes JMP F59D5664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F7A BF916E27 5 Bytes JMP F59D5D72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 193E BF94706C 5 Bytes JMP F59D6AE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) C:\Programme\CyberLink\PowerDVD8\000.fcl entry point in "" section [0xB94D9000] .clc C:\Programme\CyberLink\PowerDVD8\000.fcl unknown last section [0xB94DA000, 0x1000, 0x00000000] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[192] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Programme\Microsoft ActiveSync\Wcescomm.exe[368] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text D:\Programme\Microsoft ActiveSync\Wcescomm.exe[368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[448] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[512] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\PROGRA~1\MICROS~1\rapimgr.exe[580] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text D:\PROGRA~1\MICROS~1\rapimgr.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[716] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\services.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text 
C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\Bonjour\mDNSResponder.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\Programme\Bonjour\mDNSResponder.exe[1116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Dokumente und Einstellungen\Administrator\Desktop\sjs1mwx1.exe[1284] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\Dokumente und Einstellungen\Administrator\Desktop\sjs1mwx1.exe[1284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\HPZipm12.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\HPZipm12.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\Java\jre6\bin\jqs.exe[1444] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\Programme\Java\jre6\bin\jqs.exe[1444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\AVAST 
Software\Avast\AvastSvc.exe[1672] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\Programme\AVAST Software\Avast\AvastSvc.exe[1672] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Programme\AVAST Software\Avast\AvastSvc.exe[1672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\Google\Update\GoogleUpdate.exe[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\Programme\Google\Update\GoogleUpdate.exe[1740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[1844] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[1844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1876] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\avmwlanstick\FRITZWLANMini.exe[1944] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\Programme\avmwlanstick\FRITZWLANMini.exe[1944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[1952] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[1952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\AVAST Software\Avast\avastUI.exe[1960] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\Programme\AVAST Software\Avast\avastUI.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1996] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] 
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[2000] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[2000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ntdll.dll!LdrLoadDll 7C925C35 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ntdll.dll!LdrUnloadDll 7C926AD5 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text 
C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ntdll.dll!LdrLoadDll 7C925C35 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ntdll.dll!LdrUnloadDll 7C926AD5 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[3164] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\System32\alg.exe[3168] ntdll.dll!LdrLoadDll 7C925C35 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[3168] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3168] ntdll.dll!LdrUnloadDll 7C926AD5 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[3168] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3168] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804 .text C:\WINDOWS\System32\alg.exe[3168] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08 .text C:\WINDOWS\System32\alg.exe[3168] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600 .text C:\WINDOWS\System32\alg.exe[3168] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8 .text C:\WINDOWS\System32\alg.exe[3168] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC .text C:\WINDOWS\System32\alg.exe[3168] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\System32\alg.exe[3168] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\System32\alg.exe[3168] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\System32\alg.exe[3168] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\System32\alg.exe[3168] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\System32\alg.exe[3168] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\System32\alg.exe[3168] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\System32\alg.exe[3168] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\wuauclt.exe[3860] ntdll.dll!LdrLoadDll 7C925C35 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[3860] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62] .text 
C:\WINDOWS\system32\wuauclt.exe[3860] ntdll.dll!LdrUnloadDll 7C926AD5 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[3860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3860] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\system32\wuauclt.exe[3860] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\wuauclt.exe[3860] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\wuauclt.exe[3860] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\system32\wuauclt.exe[3860] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\system32\wuauclt.exe[3860] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\wuauclt.exe[3860] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\wuauclt.exe[3860] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\wuauclt.exe[3860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\system32\wuauclt.exe[3860] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\system32\wuauclt.exe[3860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600 .text C:\WINDOWS\system32\wuauclt.exe[3860] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\system32\wuauclt.exe[3860] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[784] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002 IAT C:\WINDOWS\system32\services.exe[784] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000 IAT C:\Programme\AVAST Software\Avast\AvastSvc.exe[1672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Programme\AVAST 
Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Programme\AVAST Software\Avast\avastUI.exe[1960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\BTHUSB \Device\00000071 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000073 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000ea13302ef (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000ea13302ef@001262a3e5b6 0xB5 0x0D 0x7E 0xE0 ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000ea13302ef@60a10aba82b9 0xBB 0xB0 0x22 0xAA ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ea13302ef (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ea13302ef@001262a3e5b6 0xB5 0x0D 0x7E 0xE0 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ea13302ef@60a10aba82b9 0xBB 0xB0 0x22 0xAA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea13302ef Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea13302ef@001262a3e5b6 0xB5 0x0D 0x7E 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea13302ef@60a10aba82b9 0xBB 0xB0 0x22 0xAA ... ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 11:11:37 on 20.07.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "avast! Emergency Update.job" - "AVAST Software" - C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe "GoogleUpdateTaskMachineCore1cd62af9a461ba0.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-861567501-1957994488-1343024091-500Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe "WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ALSNDMGR.CPL" - ? 
- C:\WINDOWS\system32\ALSNDMGR.CPL (File found, but it contains no detailed information) "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl (File not found) "QuickTime" - "Apple Inc." - D:\Programme\Apple\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys "avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys "avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? 
- C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "videX32" (videX32) - "VIA Technologies, Inc." - C:\WINDOWS\System32\DRIVERS\videX32.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "ZyXEL 802.11g XG202 1211 Driver" (ZY202_XP) - "ZyDAS Technology Corporation" - C:\WINDOWS\System32\DRIVERS\WlanUZXP.sys "{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}" ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD8\000.fcl [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\AVAST Software\Avast\ashShell.dll {67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? 
- (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {EFA24E62-B078-11d0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Programme\Apple\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? 
- (File not found | COM-object registry key not found) {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Wcesview.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll 
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll {D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342679195381 {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\INetRepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\INetRepl.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "avast! 
WebRep" - "AVAST Software" - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "H/PC Connection Agent" - "Microsoft Corporation" - "D:\Programme\Microsoft ActiveSync\Wcescomm.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avast" - "AVAST Software" - "C:\Programme\AVAST Software\Avast\avastUI.exe" /nogui "AVMWlanClient" - "AVM Berlin" - C:\Programme\avmwlanstick\FRITZWLANMini.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." 
- "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Automatic Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\AVAST Software\Avast\AvastSvc.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Google Update Service (gupdate1c9928c6e787940)" (gupdate1c9928c6e787940) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\jqs.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-07-20 11:15:57 ----------------------------- 11:15:57.875 OS Version: Windows 5.1.2600 Service Pack 3 11:15:57.875 Number of processors: 1 586 0x204 11:15:57.875 ComputerName: MIRIAM-PC UserName: 11:15:59.918 Initialize success 11:16:00.349 AVAST engine defs: 12071902 11:19:20.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 11:19:20.296 Disk 0 Vendor: WDC_WD800BB-00CAA1 17.07W17 Size: 76319MB BusType: 3 11:19:20.377 Disk 0 MBR read successfully 11:19:20.377 Disk 0 MBR scan 11:19:20.377 Disk 0 Windows XP default MBR code 11:19:20.377 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 24999 MB offset 63 11:19:20.387 Disk 0 Partition - 00 0F Extended LBA 51309 MB offset 51199155 11:19:20.397 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 51309 MB offset 51199218 11:19:20.437 Disk 0 scanning sectors +156280320 11:19:20.597 Disk 0 scanning C:\WINDOWS\system32\drivers 11:19:46.434 Service scanning 11:20:39.420 Modules scanning 11:21:08.462 Disk 0 trace - called modules: 11:21:08.802 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys 11:21:08.802 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5fab8] 11:21:08.802 3 CLASSPNP.SYS[f75eefd7] -> nt!IofCallDriver -> \Device\0000005e[0x86fcaf18] 11:21:08.802 5 ACPI.sys[f7564620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f9f940] 11:21:09.764 AVAST engine scan C:\WINDOWS 11:21:23.223 AVAST engine scan C:\WINDOWS\system32 11:33:18.472 AVAST engine scan C:\WINDOWS\system32\drivers 11:33:44.098 AVAST engine scan C:\Dokumente und Einstellungen\Administrator 11:36:39.541 AVAST engine scan C:\Dokumente und Einstellungen\All Users 11:37:10.285 Scan finished successfully 11:39:12.431 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat" 11:39:12.431 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt" 
25.07.2012, 10:31 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virusfund NSIS:Bundlore-B[Adw] Sorry for my little outburst in the reminder thread, but unfortunately I react somewhat allergically when someone starts pushing after only a few hours. Looks ok. We should be almost through. Please run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |