
Log analysis and evaluation: HELP for PC DUMMY---WIN32/Obfuscator.ZU and WIN32/ShopperReports

30.07.2012, 20:51   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
By paying attention to what software you install and which source it comes from, e.g. hands off Softonic! You download software, as the top priority, directly from the vendor, and not from that crap platform Softonic!

And for future program installations, always select the custom method so that you can deselect any toolbars during installation.
While you are at it, also uninstall all other unnecessary programs via the Control Panel.


adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S2].txt.
__________________
Please always post log files in CODE tags

31.07.2012, 06:27   #17
Vronile
 
Code:
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 07:17:34
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Vroni - VRONI-PC
# Running from : C:\Users\Vroni\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Vroni\AppData\LocalLow\boost_interprocess

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\prefs.js

Deleted : user_pref("extensions.enabledAddons", "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8,{635abd67-4fe9-1[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4964 octets] - [26/07/2012 18:07:38]
AdwCleaner[S1].txt - [5251 octets] - [28/07/2012 17:17:59]
AdwCleaner[R2].txt - [1266 octets] - [30/07/2012 19:54:05]
AdwCleaner[S2].txt - [1201 octets] - [31/07/2012 07:17:34]

########## EOF - C:\AdwCleaner[S2].txt - [1329 octets] ##########
         
The desktop window still appears at startup and all desktop icons are gone. Only when I close this window do the sidebar and the Microsoft S.E. start.
And when I switch "Show desktop icons" (off) and then (on) again, they appear, and after a longer time they are gone again?!

31.07.2012, 11:06   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ok, I again need a new OTL log, as mentioned above.

31.07.2012, 19:11   #19
Vronile
 
OTL Logfile:
Code:
OTL logfile created on: 31.07.2012 19:28:44 - Run 3
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Vroni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,30% Memory free
6,19 Gb Paging File | 5,14 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 97,58 Gb Free Space | 65,47% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 135,47 Gb Free Space | 97,26% Space Free | Partition Type: NTFS
 
Computer Name: VRONI-PC | User Name: Vroni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 22:03:36 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Vroni\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.04.11 08:27:48 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.13 01:21:11 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.09 18:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.19 21:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.18 07:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.02.02 00:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.13 00:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTran.dll
MOD - [2007.08.08 11:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 15:01:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DCB19E84-D1D4-4D31-9D52-597342C6535D}\MpKsl95074b29.sys -- (MpKsl95074b29)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.10.30 19:10:36 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.10.30 19:10:35 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.07.02 01:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.04.07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008.06.03 23:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.02 00:13:57 | 001,807,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.11.16 06:09:03 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.09 05:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 20:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.15 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Vroni\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.27 10:51:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 15:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.22 22:37:50 | 000,000,000 | ---D | M]
 
[2009.01.27 20:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vroni\AppData\Roaming\mozilla\Extensions
[2012.07.20 19:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions
[2010.09.16 07:28:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.18 16:17:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.05.21 10:26:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.23 15:58:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.14 13:03:21 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions\2020Player_IKEA@2020Technologies.com
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\BearShareWebSearch.xml
[2012.07.27 11:59:43 | 000,000,950 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin-1.xml
[2009.03.05 21:07:30 | 000,000,962 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin.xml
[2012.07.28 17:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.03.05 21:08:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.27 10:51:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.06.27 10:53:50 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\VRONI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N6GBONVB.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.07.19 15:01:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000..\Run: [Microsoft Security Client User Interface] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000..\RunOnce: [Shockwave Updater] "C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100470.exe" -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"hxxp://www.dr-load.de/180107/funnygames/games/diner_dash.html" File not found
F3 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000 WinNT: Load - (C:\Users\Vroni\LOCALS~1\Temp\msirmurxo.exe) -  File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vroni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.55.5 212.33.32.160
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B285989A-B40E-43B1-848E-FFAF486CD157}: DhcpNameServer = 212.33.55.5 212.33.32.160
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01082fdf-c945-11df-a920-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{01082fdf-c945-11df-a920-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{0a2becb6-6cdd-11e1-9757-806e6f6e6963}\Shell\AutoRun\command - "" = H:\ActivateWarranty(JF).exe
O33 - MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3bef469a-0734-11de-a226-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{3bef469a-0734-11de-a226-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{6801e173-153a-11df-b521-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{6801e173-153a-11df-b521-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6801e175-153a-11df-b521-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{6801e175-153a-11df-b521-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{73c383ec-2add-11df-8248-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{73c383ec-2add-11df-8248-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{73c3841b-2add-11df-8248-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{73c3841b-2add-11df-8248-002354729427}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 22:03:30 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Vroni\Desktop\OTL.exe
[2012.07.26 19:42:13 | 000,000,000 | ---D | C] -- C:\Users\Vroni\AppData\Local\Macromedia
[2012.07.25 13:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.23 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\Vroni\AppData\Roaming\Malwarebytes
[2012.07.23 22:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 22:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 22:28:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.23 22:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.22 19:58:20 | 000,000,000 | ---D | C] -- C:\Users\Vroni\AppData\Local\Apple
[2012.07.22 19:57:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.22 19:30:40 | 000,000,000 | ---D | C] -- C:\Users\Vroni\AppData\Local\Temp
[2012.07.22 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Vroni\AppData\Roaming\GlarySoft
[2012.07.22 15:19:44 | 000,000,000 | ---D | C] -- C:\Users\Vroni\{6ea777ac-cad2-4119-adb1-f85e1458b3ec}
[2012.07.20 14:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\olbdvxfbegvdtbk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 19:19:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 19:19:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 19:17:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 07:19:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 07:19:28 | 000,048,063 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.31 07:19:27 | 000,048,063 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.31 07:19:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.30 19:53:26 | 000,000,572 | ---- | M] () -- C:\Users\Vroni\Desktop\adwcleaner - Verknüpfung.lnk
[2012.07.29 22:03:36 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Vroni\Desktop\OTL.exe
[2012.07.27 13:38:29 | 540,089,018 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(4).ddp
[2012.07.27 13:38:29 | 000,004,121 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(4).ddr
[2012.07.27 13:38:29 | 000,000,803 | ---- | M] () -- C:\Users\Vroni\Documents\0.ddi
[2012.07.27 13:34:18 | 540,089,018 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi.ddp
[2012.07.27 13:34:18 | 540,089,018 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(3).ddp
[2012.07.27 13:34:18 | 540,089,018 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(2).ddp
[2012.07.27 13:34:18 | 000,004,121 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi.ddr
[2012.07.27 13:34:18 | 000,004,121 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(3).ddr
[2012.07.27 13:34:18 | 000,004,121 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(2).ddr
[2012.07.26 11:38:55 | 001,107,500 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.26 11:38:54 | 002,173,984 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.26 11:38:54 | 000,638,384 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.26 11:38:54 | 000,570,372 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.25 11:17:49 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.07.23 22:28:52 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 14:34:57 | 000,000,051 | ---- | M] () -- C:\ProgramData\vhxukcdgwtaesys
[2012.07.17 19:28:00 | 003,658,390 | ---- | M] () -- C:\Users\Vroni\Desktop\DSCN0891.JPG
[2012.07.14 13:09:28 | 000,051,511 | ---- | M] () -- C:\Users\Vroni\Desktop\71_-1831738633.jpg
[2012.07.12 08:54:16 | 000,417,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 18:50:13 | 000,347,552 | ---- | M] () -- C:\Users\Vroni\Desktop\SGD-Wo E 2.pdf
[2012.07.11 08:53:30 | 000,518,919 | ---- | M] () -- C:\Users\Vroni\Desktop\Checkliste.pdf
[2012.07.10 14:03:24 | 000,002,631 | ---- | M] () -- C:\Users\Vroni\Desktop\Microsoft Office Word 2007.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.30 19:53:26 | 000,000,572 | ---- | C] () -- C:\Users\Vroni\Desktop\adwcleaner - Verknüpfung.lnk
[2012.07.27 13:37:48 | 000,000,803 | ---- | C] () -- C:\Users\Vroni\Documents\0.ddi
[2012.07.27 13:37:28 | 540,089,018 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(4).ddp
[2012.07.27 13:37:28 | 000,004,121 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(4).ddr
[2012.07.27 13:32:13 | 000,004,121 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(3).ddr
[2012.07.27 13:32:12 | 540,089,018 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(3).ddp
[2012.07.27 13:09:20 | 540,089,018 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(2).ddp
[2012.07.27 13:09:20 | 000,004,121 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(2).ddr
[2012.07.27 12:51:27 | 540,089,018 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi.ddp
[2012.07.27 12:51:27 | 000,004,121 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi.ddr
[2012.07.23 22:28:52 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 14:34:42 | 000,000,051 | ---- | C] () -- C:\ProgramData\vhxukcdgwtaesys
[2012.07.17 19:29:12 | 003,658,390 | ---- | C] () -- C:\Users\Vroni\Desktop\DSCN0891.JPG
[2012.07.11 18:50:13 | 000,347,552 | ---- | C] () -- C:\Users\Vroni\Desktop\SGD-Wo E 2.pdf
[2012.07.11 08:53:30 | 000,518,919 | ---- | C] () -- C:\Users\Vroni\Desktop\Checkliste.pdf
[2012.07.07 12:12:07 | 000,051,511 | ---- | C] () -- C:\Users\Vroni\Desktop\71_-1831738633.jpg
[2012.03.06 22:31:50 | 000,000,680 | ---- | C] () -- C:\Users\Vroni\AppData\Local\d3d9caps.dat
[2011.05.06 20:04:45 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2008.11.21 15:34:19 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2008.11.16 21:03:57 | 000,048,063 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.16 21:03:50 | 000,048,063 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.15 22:07:19 | 000,100,352 | ---- | C] () -- C:\Users\Vroni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2012.05.14 08:49:36 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\3DataManager
[2012.03.23 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\DVDVideoSoft
[2012.03.23 15:58:44 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.13 23:17:38 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Gaijin Ent
[2012.02.08 11:55:45 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\GitarreroSoftware
[2012.07.22 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\GlarySoft
[2012.03.25 14:57:05 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\HappyFoto
[2012.04.11 16:00:05 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Image Zone Express
[2009.03.08 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\MAGIX
[2012.03.18 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\MediaWmplay
[2009.07.21 15:42:06 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Merscom
[2009.11.06 20:15:22 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\oberon
[2008.12.30 11:12:51 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\OpenOffice.org
[2010.04.12 17:27:06 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\PC Suite
[2009.11.14 11:44:39 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Printer Info Cache
[2010.03.08 19:55:37 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Program Files
[2009.01.16 13:29:38 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\ProtectDisc
[2011.01.24 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Samsung
[2012.03.22 19:20:55 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\TuneUp Software
[2010.03.09 08:03:50 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Upgrades
[2012.07.31 07:18:00 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.14 08:49:36 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\3DataManager
[2008.11.15 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Adobe
[2011.03.15 11:00:53 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Apple Computer
[2012.06.27 10:50:42 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\DivX
[2012.03.23 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\DVDVideoSoft
[2012.03.23 15:58:44 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.13 23:17:38 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Gaijin Ent
[2012.02.08 11:55:45 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\GitarreroSoftware
[2012.07.22 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\GlarySoft
[2012.03.25 14:57:05 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\HappyFoto
[2009.11.05 17:34:16 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\HP
[2010.11.26 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\HpUpdate
[2010.10.02 19:25:25 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Identities
[2012.04.11 16:00:05 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Image Zone Express
[2012.03.06 22:04:53 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\kodak
[2010.11.25 11:31:07 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Macromedia
[2009.03.08 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\MAGIX
[2012.07.23 22:29:01 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Media Center Programs
[2012.03.18 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\MediaWmplay
[2009.07.21 15:42:06 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Merscom
[2012.07.26 19:42:13 | 000,000,000 | --SD | M] -- C:\Users\Vroni\AppData\Roaming\Microsoft
[2009.01.27 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Mozilla
[2009.11.06 20:15:22 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\oberon
[2008.12.30 11:12:51 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\OpenOffice.org
[2010.04.12 17:27:06 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\PC Suite
[2009.11.14 11:44:39 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Printer Info Cache
[2010.03.08 19:55:37 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Program Files
[2009.01.16 13:29:38 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\ProtectDisc
[2011.01.24 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Samsung
[2008.11.16 01:02:28 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Symantec
[2012.03.22 19:20:55 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\TuneUp Software
[2010.12.28 22:08:29 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\U3
[2010.03.09 08:03:50 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Upgrades
 
< %APPDATA%\*.exe /s >
[2011.11.19 17:55:11 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Vroni\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011.08.19 14:00:11 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Vroni\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2006.12.14 11:00:02 | 000,110,592 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\U3\temp\cleanup.exe
[2007.02.12 18:46:54 | 003,096,576 | ---- | M] (SanDisk Corporation) -- C:\Users\Vroni\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.02.17 09:06:19 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.02.17 09:06:19 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< CREATERESTOREPOIN >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CBEB737E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:AD727397
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:7AF9CAEB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0DFE2AE1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:700CD00E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:059167AF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FECEF728
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:87FA5E8A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FD444D31
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:D994162E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B093E177
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8BCF4DE2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:A688EF17
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:6BF0805F
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:1A4BF204
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:097FF903
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:1941675B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A23D24E7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:B268A25C
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:71FA8B7F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:B6DD2C7E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:52E1DB1D
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:BDF08FAF

< End of report >
         
--- --- ---

01.08.2012, 19:00   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
FF - user.js - File not found
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\BearShareWebSearch.xml
[2012.07.27 11:59:43 | 000,000,950 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin-1.xml
[2009.03.05 21:07:30 | 000,000,962 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin.xml
[2012.07.28 17:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.03.05 21:08:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01082fdf-c945-11df-a920-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{01082fdf-c945-11df-a920-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{0a2becb6-6cdd-11e1-9757-806e6f6e6963}\Shell\AutoRun\command - "" = H:\ActivateWarranty(JF).exe
O33 - MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3bef469a-0734-11de-a226-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{3bef469a-0734-11de-a226-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{6801e173-153a-11df-b521-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{6801e173-153a-11df-b521-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6801e175-153a-11df-b521-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{6801e175-153a-11df-b521-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{73c383ec-2add-11df-8248-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{73c383ec-2add-11df-8248-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{73c3841b-2add-11df-8248-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{73c3841b-2add-11df-8248-002354729427}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CBEB737E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:AD727397
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:7AF9CAEB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0DFE2AE1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:700CD00E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:059167AF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FECEF728
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:87FA5E8A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FD444D31
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:D994162E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B093E177
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8BCF4DE2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:A688EF17
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:6BF0805F
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:1A4BF204
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:097FF903
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:1941675B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A23D24E7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:B268A25C
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:71FA8B7F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:B6DD2C7E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:52E1DB1D
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:BDF08FAF
:Files
c:\user.js
C:\Users\Vroni\{6ea777ac-cad2-4119-adb1-f85e1458b3ec}
C:\ProgramData\olbdvxfbegvdtbk
C:\ProgramData\vhxukcdgwtaesys
C:\Users\Vroni\Downloads\Facemoods.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!

__________________
Please always post log files in CODE tags

02.08.2012, 05:56   #21
Vronile



Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4195003514-2229833858-1086125095-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-4195003514-2229833858-1086125095-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\BearShareWebSearch.xml moved successfully.
C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Program Files\mozilla firefox\extensions folder moved successfully.
Folder C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01082fdf-c945-11df-a920-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01082fdf-c945-11df-a920-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01082fdf-c945-11df-a920-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01082fdf-c945-11df-a920-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a2becb6-6cdd-11e1-9757-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a2becb6-6cdd-11e1-9757-806e6f6e6963}\ not found.
File H:\ActivateWarranty(JF).exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{189b2a17-2af5-11df-b2f5-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{189b2a17-2af5-11df-b2f5-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e55b85f-4979-11df-bd32-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e55b85f-4979-11df-bd32-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2faf66e7-b3cb-11dd-bb2e-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2faf66e7-b3cb-11dd-bb2e-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2faf66ff-b3cb-11dd-bb2e-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2faf66ff-b3cb-11dd-bb2e-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{382954fe-55e2-11de-a45e-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{382954fe-55e2-11de-a45e-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bef469a-0734-11de-a226-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bef469a-0734-11de-a226-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bef469a-0734-11de-a226-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bef469a-0734-11de-a226-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61479177-ee4a-11de-8a6d-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61479177-ee4a-11de-8a6d-002354729427}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6801e173-153a-11df-b521-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6801e173-153a-11df-b521-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6801e173-153a-11df-b521-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6801e173-153a-11df-b521-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6801e175-153a-11df-b521-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6801e175-153a-11df-b521-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6801e175-153a-11df-b521-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6801e175-153a-11df-b521-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73c383ec-2add-11df-8248-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73c383ec-2add-11df-8248-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73c383ec-2add-11df-8248-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73c383ec-2add-11df-8248-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73c3841b-2add-11df-8248-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73c3841b-2add-11df-8248-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73c3841b-2add-11df-8248-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73c3841b-2add-11df-8248-002354729427}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88344f98-a31a-11e1-ba42-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88344f98-a31a-11e1-ba42-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b25201-2ad9-11df-9530-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b25201-2ad9-11df-9530-002354729427}\ not found.
File H:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a96d42fe-2af5-11df-90fa-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a96d42fe-2af5-11df-90fa-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3ea963a-b81c-11e0-a106-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3ea963a-b81c-11e0-a106-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0b74f11-2232-11e1-92e6-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0b74f11-2232-11e1-92e6-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\.\Autorun.exe AUTORUN=1 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CBEB737E @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:AD727397 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:7AF9CAEB @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0DFE2AE1 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:700CD00E @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:059167AF @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:41099CE9 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FECEF728 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:87FA5E8A @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FD444D31 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:D994162E @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B093E177 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8BCF4DE2 @Alternat not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Vroni
->Temp folder emptied: 680897 bytes
->Temporary Internet Files folder emptied: 8692183 bytes
->Java cache emptied: 20225538 bytes
->FireFox cache emptied: 60766798 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6895515 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 586324 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 94,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Vroni
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 08022012_064645

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Hey, my desktop icons are still there
But the desktop window still keeps coming up

03.08.2012, 09:00   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags

06.08.2012, 10:45   #23
Vronile



Code:
14:55:41.0412 3376	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:55:43.0112 3376	============================================================
14:55:43.0112 3376	Current date / time: 2012/08/03 14:55:43.0112
14:55:43.0112 3376	SystemInfo:
14:55:43.0112 3376	
14:55:43.0112 3376	OS Version: 6.0.6002 ServicePack: 2.0
14:55:43.0112 3376	Product type: Workstation
14:55:43.0112 3376	ComputerName: VRONI-PC
14:55:43.0112 3376	UserName: Vroni
14:55:43.0112 3376	Windows directory: C:\Windows
14:55:43.0112 3376	System windows directory: C:\Windows
14:55:43.0112 3376	Processor architecture: Intel x86
14:55:43.0112 3376	Number of processors: 2
14:55:43.0112 3376	Page size: 0x1000
14:55:43.0112 3376	Boot type: Normal boot
14:55:43.0112 3376	============================================================
14:55:47.0660 3376	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:55:47.0680 3376	============================================================
14:55:47.0680 3376	\Device\Harddisk0\DR0:
14:55:47.0690 3376	MBR partitions:
14:55:47.0690 3376	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0x12A14C00
14:55:47.0760 3376	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13D9D77A, BlocksNum 0x1168FF47
14:55:47.0760 3376	============================================================
14:55:47.0830 3376	C: <-> \Device\Harddisk0\DR0\Partition0
14:55:47.0900 3376	D: <-> \Device\Harddisk0\DR0\Partition1
14:55:47.0900 3376	============================================================
14:55:47.0900 3376	Initialize success
14:55:47.0900 3376	============================================================
14:57:27.0833 4180	============================================================
14:57:27.0833 4180	Scan started
14:57:27.0833 4180	Mode: Manual; SigCheck; TDLFS; 
14:57:27.0833 4180	============================================================
14:57:37.0349 4180	acedrv11        (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
14:57:37.0801 4180	acedrv11 - ok
14:57:37.0942 4180	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:57:38.0004 4180	ACPI - ok
14:57:38.0316 4180	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:57:38.0378 4180	adp94xx - ok
14:57:38.0441 4180	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:57:38.0472 4180	adpahci - ok
14:57:38.0503 4180	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:57:38.0534 4180	adpu160m - ok
14:57:38.0566 4180	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:57:38.0597 4180	adpu320 - ok
14:57:38.0722 4180	ADSMService     (609a6f49b6af0f25837f8a0edddb0745) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
14:57:38.0768 4180	ADSMService ( UnsignedFile.Multi.Generic ) - warning
14:57:38.0768 4180	ADSMService - detected UnsignedFile.Multi.Generic (1)
14:57:38.0971 4180	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:57:39.0938 4180	AeLookupSvc - ok
14:57:40.0188 4180	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:57:40.0422 4180	AFD - ok
14:57:41.0311 4180	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:57:41.0342 4180	agp440 - ok
14:57:41.0530 4180	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:57:41.0592 4180	aic78xx - ok
14:57:41.0701 4180	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:57:43.0464 4180	ALG - ok
14:57:43.0558 4180	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:57:43.0604 4180	aliide - ok
14:57:43.0714 4180	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:57:43.0776 4180	amdagp - ok
14:57:43.0838 4180	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:57:43.0870 4180	amdide - ok
14:57:44.0026 4180	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:57:44.0104 4180	AmdK7 - ok
14:57:44.0244 4180	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:57:44.0322 4180	AmdK8 - ok
14:57:44.0431 4180	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:57:44.0525 4180	Appinfo - ok
14:57:44.0728 4180	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:57:44.0806 4180	arc - ok
14:57:44.0977 4180	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:57:45.0040 4180	arcsas - ok
14:57:45.0149 4180	AsDsm           (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
14:57:45.0164 4180	AsDsm - ok
14:57:45.0445 4180	ASLDRService    (5a055a4777cbbc8845dd598cb2eebf69) C:\Program Files\ATK Hotkey\ASLDRSrv.exe
14:57:45.0476 4180	ASLDRService ( UnsignedFile.Multi.Generic ) - warning
14:57:45.0476 4180	ASLDRService - detected UnsignedFile.Multi.Generic (1)
14:57:45.0632 4180	ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
14:57:45.0648 4180	ASMMAP - ok
14:57:46.0022 4180	aspnet_state    (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:57:46.0553 4180	aspnet_state - ok
14:57:46.0646 4180	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:57:46.0756 4180	AsyncMac - ok
14:57:46.0849 4180	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:57:46.0880 4180	atapi - ok
14:57:49.0252 4180	athr            (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
14:57:49.0626 4180	athr - ok
14:57:49.0954 4180	ATKGFNEXSrv     (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
14:57:50.0016 4180	ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
14:57:50.0016 4180	ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
14:57:51.0139 4180	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:57:51.0217 4180	AudioEndpointBuilder - ok
14:57:51.0233 4180	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:57:51.0280 4180	Audiosrv - ok
14:57:51.0498 4180	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:57:51.0592 4180	Beep - ok
14:57:52.0403 4180	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:57:52.0574 4180	BFE - ok
14:57:54.0493 4180	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:57:54.0899 4180	BITS - ok
14:57:55.0055 4180	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:57:55.0180 4180	blbdrive - ok
14:57:55.0398 4180	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:57:55.0538 4180	bowser - ok
14:57:55.0648 4180	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:57:55.0726 4180	BrFiltLo - ok
14:57:55.0788 4180	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:57:55.0866 4180	BrFiltUp - ok
14:57:56.0038 4180	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:57:56.0116 4180	Browser - ok
14:57:56.0334 4180	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:57:57.0894 4180	Brserid - ok
14:57:58.0066 4180	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:57:58.0190 4180	BrSerWdm - ok
14:57:58.0237 4180	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:57:58.0346 4180	BrUsbMdm - ok
14:57:58.0424 4180	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:57:58.0534 4180	BrUsbSer - ok
14:57:58.0643 4180	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:57:58.0768 4180	BTHMODEM - ok
14:57:58.0892 4180	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:57:58.0970 4180	cdfs - ok
14:57:59.0158 4180	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:57:59.0251 4180	cdrom - ok
14:57:59.0360 4180	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:57:59.0423 4180	CertPropSvc - ok
14:57:59.0797 4180	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:57:59.0875 4180	circlass - ok
14:58:00.0484 4180	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:58:00.0593 4180	CLFS - ok
14:58:00.0983 4180	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:58:01.0981 4180	clr_optimization_v2.0.50727_32 - ok
14:58:02.0418 4180	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:58:02.0792 4180	clr_optimization_v4.0.30319_32 - ok
14:58:02.0902 4180	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:58:02.0995 4180	CmBatt - ok
14:58:03.0073 4180	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:58:03.0104 4180	cmdide - ok
14:58:03.0198 4180	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:58:03.0214 4180	Compbatt - ok
14:58:03.0229 4180	COMSysApp - ok
14:58:03.0338 4180	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:58:03.0370 4180	crcdisk - ok
14:58:03.0463 4180	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:58:03.0541 4180	Crusoe - ok
14:58:03.0931 4180	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
14:58:04.0025 4180	CryptSvc - ok
14:58:05.0148 4180	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:58:05.0538 4180	DcomLaunch - ok
14:58:05.0772 4180	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:58:05.0912 4180	DfsC - ok
14:58:09.0001 4180	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:58:09.0235 4180	DFSR - ok
14:58:09.0578 4180	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:58:09.0672 4180	Dhcp - ok
14:58:09.0844 4180	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:58:09.0890 4180	disk - ok
14:58:09.0953 4180	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:58:10.0046 4180	Dnscache - ok
14:58:10.0296 4180	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:58:10.0436 4180	dot3svc - ok
14:58:10.0608 4180	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
14:58:10.0686 4180	Dot4 - ok
14:58:10.0702 4180	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:58:10.0780 4180	Dot4Print - ok
14:58:10.0842 4180	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
14:58:10.0920 4180	dot4usb - ok
14:58:10.0951 4180	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:58:11.0045 4180	DPS - ok
14:58:11.0092 4180	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:58:11.0170 4180	drmkaud - ok
14:58:11.0326 4180	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:58:11.0388 4180	DXGKrnl - ok
14:58:11.0419 4180	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:58:11.0482 4180	E1G60 - ok
14:58:11.0528 4180	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:58:11.0622 4180	EapHost - ok
14:58:11.0684 4180	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:58:11.0716 4180	Ecache - ok
14:58:11.0809 4180	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:58:11.0856 4180	ehRecvr - ok
14:58:11.0887 4180	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:58:11.0950 4180	ehSched - ok
14:58:11.0965 4180	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:58:12.0012 4180	ehstart - ok
14:58:12.0074 4180	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:58:12.0121 4180	elxstor - ok
14:58:12.0230 4180	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:58:12.0371 4180	EMDMgmt - ok
14:58:12.0402 4180	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:58:12.0464 4180	ErrDev - ok
14:58:12.0542 4180	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:58:12.0652 4180	EventSystem - ok
14:58:12.0745 4180	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:58:12.0808 4180	exfat - ok
14:58:12.0870 4180	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:58:12.0932 4180	fastfat - ok
14:58:12.0979 4180	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:58:13.0042 4180	fdc - ok
14:58:13.0073 4180	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:58:13.0182 4180	fdPHost - ok
14:58:13.0198 4180	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:58:13.0369 4180	FDResPub - ok
14:58:13.0447 4180	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:58:13.0478 4180	FileInfo - ok
14:58:13.0525 4180	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:58:13.0588 4180	Filetrace - ok
14:58:13.0993 4180	FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
14:58:14.0118 4180	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:58:14.0118 4180	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:58:14.0399 4180	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:58:14.0492 4180	flpydisk - ok
14:58:14.0555 4180	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:58:14.0586 4180	FltMgr - ok
14:58:14.0789 4180	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:58:14.0929 4180	FontCache - ok
14:58:15.0054 4180	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:58:15.0101 4180	FontCache3.0.0.0 - ok
14:58:15.0179 4180	FsUsbExDisk     (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
14:58:15.0257 4180	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
14:58:15.0257 4180	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
14:58:15.0304 4180	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:58:15.0397 4180	Fs_Rec - ok
14:58:15.0428 4180	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:58:15.0460 4180	gagp30kx - ok
14:58:15.0491 4180	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
14:58:15.0522 4180	ggflt - ok
14:58:15.0569 4180	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
14:58:15.0584 4180	ggsemc - ok
14:58:15.0787 4180	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:58:15.0896 4180	gpsvc - ok
14:58:16.0037 4180	gupdate1caded068ded7d8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:16.0052 4180	gupdate1caded068ded7d8 - ok
14:58:16.0068 4180	gupdatem        (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:16.0084 4180	gupdatem - ok
14:58:16.0162 4180	gusvc           (1bf044e23206fddc16891a32922d571b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:58:16.0177 4180	gusvc - ok
14:58:16.0255 4180	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:58:16.0380 4180	HdAudAddService - ok
14:58:16.0536 4180	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:58:16.0676 4180	HDAudBus - ok
14:58:16.0708 4180	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:58:16.0801 4180	HidBth - ok
14:58:16.0864 4180	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:58:16.0988 4180	HidIr - ok
14:58:17.0051 4180	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:58:17.0176 4180	hidserv - ok
14:58:17.0207 4180	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:58:17.0269 4180	HidUsb - ok
14:58:17.0300 4180	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:58:17.0456 4180	hkmsvc - ok
14:58:17.0503 4180	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:58:17.0550 4180	HpCISSs - ok
14:58:17.0628 4180	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:58:17.0706 4180	HTTP - ok
14:58:17.0722 4180	hwdatacard - ok
14:58:17.0737 4180	hwusbdev - ok
14:58:17.0862 4180	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:58:17.0909 4180	i2omp - ok
14:58:17.0971 4180	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:58:18.0034 4180	i8042prt - ok
14:58:18.0112 4180	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:58:18.0158 4180	iaStorV - ok
14:58:18.0268 4180	IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:58:18.0299 4180	IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:58:18.0299 4180	IDriverT - detected UnsignedFile.Multi.Generic (1)
14:58:18.0502 4180	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:58:18.0642 4180	idsvc - ok
14:58:18.0704 4180	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:58:18.0736 4180	iirsp - ok
14:58:18.0892 4180	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:58:19.0048 4180	IKEEXT - ok
14:58:19.0516 4180	IntcAzAudAddService (0557aaee4c86e2c333acd2baf42a7619) C:\Windows\system32\drivers\RTKVHDA.sys
14:58:19.0672 4180	IntcAzAudAddService - ok
14:58:19.0874 4180	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:58:19.0906 4180	intelide - ok
14:58:19.0937 4180	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:58:19.0999 4180	intelppm - ok
14:58:20.0062 4180	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:58:20.0202 4180	IPBusEnum - ok
14:58:20.0233 4180	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:58:20.0311 4180	IpFilterDriver - ok
14:58:20.0358 4180	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:58:20.0498 4180	iphlpsvc - ok
14:58:20.0498 4180	IpInIp - ok
14:58:20.0545 4180	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:58:20.0608 4180	IPMIDRV - ok
14:58:20.0654 4180	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:58:20.0717 4180	IPNAT - ok
14:58:20.0748 4180	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:58:20.0842 4180	IRENUM - ok
14:58:20.0904 4180	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:58:20.0951 4180	isapnp - ok
14:58:21.0044 4180	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:58:21.0091 4180	iScsiPrt - ok
14:58:21.0138 4180	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:58:21.0169 4180	iteatapi - ok
14:58:21.0200 4180	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:58:21.0232 4180	iteraid - ok
14:58:21.0278 4180	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:58:21.0341 4180	kbdclass - ok
14:58:21.0403 4180	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:58:21.0481 4180	kbdhid - ok
14:58:21.0512 4180	kbfiltr         (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
14:58:21.0528 4180	kbfiltr - ok
14:58:21.0590 4180	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:58:21.0746 4180	KeyIso - ok
14:58:21.0793 4180	KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
14:58:21.0840 4180	KSecDD - ok
14:58:21.0902 4180	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:58:22.0105 4180	KtmRm - ok
14:58:22.0183 4180	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:58:22.0433 4180	LanmanServer - ok
14:58:22.0511 4180	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:58:22.0776 4180	LanmanWorkstation - ok
14:58:22.0885 4180	LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:58:22.0916 4180	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:58:22.0916 4180	LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:58:22.0963 4180	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:58:23.0041 4180	lltdio - ok
14:58:23.0135 4180	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:58:23.0291 4180	lltdsvc - ok
14:58:23.0322 4180	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:58:23.0540 4180	lmhosts - ok
14:58:23.0665 4180	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:58:23.0696 4180	LSI_FC - ok
14:58:23.0759 4180	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:58:23.0806 4180	LSI_SAS - ok
14:58:23.0852 4180	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:58:23.0884 4180	LSI_SCSI - ok
14:58:23.0915 4180	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:58:23.0993 4180	luafv - ok
14:58:24.0055 4180	lullaby         (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
14:58:24.0086 4180	lullaby - ok
14:58:24.0086 4180	massfilter - ok
14:58:24.0164 4180	MBAMProtector   (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
14:58:24.0180 4180	MBAMProtector - ok
14:58:24.0336 4180	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:58:24.0414 4180	MBAMService - ok
14:58:24.0476 4180	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:58:24.0617 4180	Mcx2Svc - ok
14:58:24.0664 4180	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:58:24.0695 4180	megasas - ok
14:58:24.0773 4180	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:58:24.0851 4180	MegaSR - ok
14:58:24.0944 4180	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:58:24.0960 4180	Microsoft Office Groove Audit Service - ok
14:58:25.0007 4180	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:58:25.0178 4180	MMCSS - ok
14:58:25.0210 4180	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:58:25.0272 4180	Modem - ok
14:58:25.0381 4180	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:58:25.0459 4180	monitor - ok
14:58:25.0506 4180	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:58:25.0537 4180	mouclass - ok
14:58:25.0568 4180	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:58:25.0646 4180	mouhid - ok
14:58:25.0678 4180	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:58:25.0709 4180	MountMgr - ok
14:58:25.0756 4180	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:58:25.0771 4180	MozillaMaintenance - ok
14:58:25.0865 4180	MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
14:58:25.0943 4180	MpFilter - ok
14:58:25.0958 4180	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:58:26.0036 4180	mpio - ok
14:58:26.0208 4180	MpKsl0f26ce61   (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6622BA4-77C7-493F-A217-7CE81B3B23E5}\MpKsl0f26ce61.sys
14:58:26.0224 4180	MpKsl0f26ce61 - ok
14:58:26.0286 4180	MpKsld7381dd8   (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6622BA4-77C7-493F-A217-7CE81B3B23E5}\MpKsld7381dd8.sys
14:58:26.0286 4180	Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6622BA4-77C7-493F-A217-7CE81B3B23E5}\MpKsld7381dd8.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
14:58:26.0286 4180	MpKsld7381dd8 ( ForgedFile.Multi.Generic ) - warning
14:58:26.0286 4180	MpKsld7381dd8 - detected ForgedFile.Multi.Generic (1)
14:58:26.0317 4180	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:58:26.0364 4180	mpsdrv - ok
14:58:26.0489 4180	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:58:26.0660 4180	MpsSvc - ok
14:58:26.0707 4180	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:58:26.0738 4180	Mraid35x - ok
14:58:26.0801 4180	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:58:26.0848 4180	MRxDAV - ok
14:58:26.0926 4180	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:58:26.0988 4180	mrxsmb - ok
14:58:27.0035 4180	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:58:27.0066 4180	mrxsmb10 - ok
14:58:27.0082 4180	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:58:27.0160 4180	mrxsmb20 - ok
14:58:27.0191 4180	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:58:27.0238 4180	msahci - ok
14:58:27.0284 4180	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:58:27.0316 4180	msdsm - ok
14:58:27.0347 4180	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:58:27.0503 4180	MSDTC - ok
14:58:27.0550 4180	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:58:27.0612 4180	Msfs - ok
14:58:27.0674 4180	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:58:27.0706 4180	msisadrv - ok
14:58:27.0768 4180	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:58:27.0908 4180	MSiSCSI - ok
14:58:27.0908 4180	msiserver - ok
14:58:27.0971 4180	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:58:28.0033 4180	MSKSSRV - ok
14:58:28.0142 4180	MsMpSvc         (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:58:28.0158 4180	MsMpSvc - ok
14:58:28.0220 4180	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:58:28.0283 4180	MSPCLOCK - ok
14:58:28.0314 4180	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:58:28.0376 4180	MSPQM - ok
14:58:28.0439 4180	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:58:28.0486 4180	MsRPC - ok
14:58:28.0532 4180	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:58:28.0579 4180	mssmbios - ok
14:58:28.0642 4180	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:58:28.0704 4180	MSTEE - ok
14:58:28.0735 4180	MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
14:58:28.0798 4180	MTsensor - ok
14:58:28.0844 4180	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:58:28.0891 4180	Mup - ok
14:58:28.0922 4180	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:58:29.0110 4180	napagent - ok
14:58:29.0172 4180	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:58:29.0281 4180	NativeWifiP - ok
14:58:29.0578 4180	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:58:29.0687 4180	NDIS - ok
14:58:29.0718 4180	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:58:29.0765 4180	NdisTapi - ok
14:58:29.0796 4180	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:58:29.0874 4180	Ndisuio - ok
14:58:29.0952 4180	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:58:30.0030 4180	NdisWan - ok
14:58:30.0077 4180	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:58:30.0139 4180	NDProxy - ok
14:58:30.0170 4180	Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
14:58:30.0264 4180	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0264 4180	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:58:30.0295 4180	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:58:30.0373 4180	NetBIOS - ok
14:58:30.0451 4180	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:58:30.0514 4180	netbt - ok
14:58:30.0560 4180	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:58:30.0670 4180	Netlogon - ok
14:58:30.0748 4180	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:58:30.0935 4180	Netman - ok
14:58:31.0028 4180	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:58:31.0216 4180	netprofm - ok
14:58:31.0294 4180	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:58:31.0325 4180	NetTcpPortSharing - ok
14:58:31.0465 4180	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:58:31.0512 4180	nfrd960 - ok
14:58:31.0590 4180	NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:58:31.0621 4180	NisDrv - ok
14:58:31.0855 4180	NisSrv          (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
14:58:31.0886 4180	NisSrv - ok
14:58:31.0964 4180	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:58:32.0152 4180	NlaSvc - ok
14:58:32.0261 4180	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:58:32.0308 4180	Npfs - ok
14:58:32.0432 4180	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:58:32.0604 4180	nsi - ok
14:58:32.0651 4180	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:58:32.0713 4180	nsiproxy - ok
14:58:33.0072 4180	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:58:33.0244 4180	Ntfs - ok
14:58:33.0290 4180	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:58:33.0400 4180	ntrigdigi - ok
14:58:33.0431 4180	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:58:33.0493 4180	Null - ok
14:58:37.0705 4180	nvlddmkm        (5ce5b23855262acabaecce156f48dd88) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:58:38.0516 4180	nvlddmkm - ok
14:58:38.0766 4180	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:58:38.0797 4180	nvraid - ok
14:58:38.0813 4180	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:58:38.0860 4180	nvstor - ok
14:58:38.0922 4180	nvsvc           (6df4cc671cd9704840c5522627f3ed43) C:\Windows\system32\nvvsvc.exe
14:58:39.0078 4180	nvsvc - ok
14:58:39.0140 4180	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:58:39.0172 4180	nv_agp - ok
14:58:39.0187 4180	NwlnkFlt - ok
14:58:39.0203 4180	NwlnkFwd - ok
14:58:39.0359 4180	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:58:39.0406 4180	odserv - ok
14:58:39.0452 4180	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:58:39.0546 4180	ohci1394 - ok
14:58:39.0640 4180	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:58:39.0671 4180	ose - ok
14:58:39.0874 4180	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:58:40.0123 4180	p2pimsvc - ok
14:58:40.0139 4180	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:58:40.0310 4180	p2psvc - ok
14:58:40.0373 4180	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:58:40.0482 4180	Parport - ok
14:58:40.0529 4180	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
14:58:40.0591 4180	partmgr - ok
14:58:40.0622 4180	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:58:40.0732 4180	Parvdm - ok
14:58:40.0794 4180	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:58:41.0028 4180	PcaSvc - ok
14:58:41.0075 4180	pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
14:58:41.0137 4180	pccsmcfd - ok
14:58:41.0184 4180	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:58:41.0231 4180	pci - ok
14:58:41.0262 4180	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:58:41.0309 4180	pciide - ok
14:58:41.0371 4180	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:58:41.0418 4180	pcmcia - ok
14:58:41.0590 4180	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:58:41.0730 4180	PEAUTH - ok
14:58:42.0026 4180	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:58:42.0276 4180	pla - ok
14:58:42.0650 4180	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:58:42.0869 4180	PlugPlay - ok
14:58:42.0916 4180	Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
14:58:43.0009 4180	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:58:43.0009 4180	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:58:43.0118 4180	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:58:43.0321 4180	PNRPAutoReg - ok
14:58:43.0337 4180	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:58:43.0524 4180	PNRPsvc - ok
14:58:43.0586 4180	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:58:43.0774 4180	PolicyAgent - ok
14:58:43.0836 4180	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:58:43.0898 4180	PptpMiniport - ok
14:58:43.0945 4180	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:58:44.0008 4180	Processor - ok
14:58:44.0132 4180	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:58:44.0304 4180	ProfSvc - ok
14:58:44.0366 4180	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:58:44.0476 4180	ProtectedStorage - ok
14:58:44.0663 4180	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:58:44.0756 4180	PSched - ok
14:58:44.0788 4180	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
14:58:44.0819 4180	PxHelp20 - ok
14:58:45.0053 4180	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:58:45.0146 4180	ql2300 - ok
14:58:45.0209 4180	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:58:45.0240 4180	ql40xx - ok
14:58:45.0318 4180	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:58:45.0536 4180	QWAVE - ok
14:58:45.0583 4180	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:58:45.0630 4180	QWAVEdrv - ok
14:58:45.0817 4180	RapiMgr         (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
14:58:45.0895 4180	RapiMgr - ok
14:58:45.0926 4180	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:58:46.0004 4180	RasAcd - ok
14:58:46.0082 4180	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:58:46.0285 4180	RasAuto - ok
14:58:46.0348 4180	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:58:46.0457 4180	Rasl2tp - ok
14:58:46.0753 4180	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:58:46.0972 4180	RasMan - ok
14:58:47.0128 4180	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:58:47.0252 4180	RasPppoe - ok
14:58:47.0362 4180	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:58:47.0393 4180	RasSstp - ok
14:58:47.0502 4180	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:58:47.0549 4180	rdbss - ok
14:58:47.0611 4180	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:58:47.0674 4180	RDPCDD - ok
14:58:47.0720 4180	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:58:47.0783 4180	rdpdr - ok
14:58:47.0798 4180	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:58:47.0892 4180	RDPENCDD - ok
14:58:47.0954 4180	RDPWD           (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
14:58:48.0032 4180	RDPWD - ok
14:58:48.0064 4180	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:58:48.0220 4180	RemoteAccess - ok
14:58:48.0282 4180	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:58:48.0485 4180	RemoteRegistry - ok
14:58:48.0563 4180	rimmptsk        (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
14:58:48.0594 4180	rimmptsk - ok
14:58:48.0656 4180	rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
14:58:48.0688 4180	rimsptsk - ok
14:58:48.0703 4180	rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
14:58:48.0766 4180	rismxdp - ok
14:58:48.0828 4180	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:58:48.0953 4180	RpcLocator - ok
14:58:49.0109 4180	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:58:49.0312 4180	RpcSs - ok
14:58:49.0358 4180	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:58:49.0421 4180	rspndr - ok
14:58:49.0468 4180	s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
14:58:49.0499 4180	s0016bus - ok
14:58:49.0530 4180	s0016mdfl       (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
14:58:49.0561 4180	s0016mdfl - ok
14:58:49.0592 4180	s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
14:58:49.0655 4180	s0016mdm - ok
14:58:49.0702 4180	s0016mgmt       (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
14:58:49.0764 4180	s0016mgmt - ok
14:58:49.0795 4180	s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
14:58:49.0826 4180	s0016nd5 - ok
14:58:49.0904 4180	s0016obex       (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
14:58:49.0936 4180	s0016obex - ok
14:58:49.0982 4180	s0016unic       (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
14:58:50.0014 4180	s0016unic - ok
14:58:50.0092 4180	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:58:50.0216 4180	SamSs - ok
14:58:50.0263 4180	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:58:50.0326 4180	sbp2port - ok
14:58:50.0404 4180	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:58:50.0622 4180	SCardSvr - ok
14:58:50.0825 4180	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:58:51.0090 4180	Schedule - ok
14:58:51.0121 4180	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:58:51.0168 4180	SCPolicySvc - ok
14:58:51.0246 4180	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
14:58:51.0293 4180	sdbus - ok
14:58:51.0340 4180	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:58:51.0558 4180	SDRSVC - ok
14:58:51.0589 4180	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:58:51.0714 4180	secdrv - ok
14:58:51.0761 4180	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:58:51.0979 4180	seclogon - ok
14:58:52.0010 4180	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
14:58:52.0057 4180	seehcri - ok
14:58:52.0088 4180	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
14:58:52.0291 4180	SENS - ok
14:58:52.0338 4180	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:58:52.0463 4180	Serenum - ok
14:58:52.0494 4180	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:58:52.0619 4180	Serial - ok
14:58:52.0712 4180	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:58:52.0790 4180	sermouse - ok
14:58:53.0118 4180	ServiceLayer    (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
14:58:53.0227 4180	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
14:58:53.0227 4180	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
14:58:53.0321 4180	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:58:53.0524 4180	SessionEnv - ok
14:58:53.0570 4180	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
14:58:53.0617 4180	sffdisk - ok
14:58:53.0664 4180	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:58:53.0726 4180	sffp_mmc - ok
14:58:53.0804 4180	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:58:53.0867 4180	sffp_sd - ok
14:58:53.0898 4180	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
14:58:53.0976 4180	sfloppy - ok
14:58:54.0070 4180	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:58:54.0194 4180	SharedAccess - ok
14:58:54.0335 4180	ShellHWDetection (c818c44c201898399bf999bb6b35d4e3) C:\Windows\System32\shsvcs.dll
14:58:54.0553 4180	ShellHWDetection - ok
14:58:54.0616 4180	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:58:54.0647 4180	sisagp - ok
14:58:54.0678 4180	SiSGbeLH        (73838461f11fc7daee7922c945b2d74f) C:\Windows\system32\DRIVERS\SiSGB6.sys
14:58:54.0725 4180	SiSGbeLH - ok
14:58:54.0787 4180	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:58:54.0834 4180	SiSRaid2 - ok
14:58:54.0881 4180	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:58:54.0912 4180	SiSRaid4 - ok
14:58:55.0583 4180	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
14:58:56.0800 4180	slsvc - ok
14:58:57.0049 4180	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
14:58:57.0252 4180	SLUINotify - ok
14:58:57.0330 4180	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:58:57.0392 4180	Smb - ok
14:58:57.0626 4180	smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
14:58:57.0876 4180	smserial - ok
14:58:57.0954 4180	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:58:58.0126 4180	SNMPTRAP - ok
14:58:58.0438 4180	SNP2UVC         (85da7b2a2f248c8c69d7d0a526342683) C:\Windows\system32\DRIVERS\snp2uvc.sys
14:58:58.0906 4180	SNP2UVC - ok
14:58:59.0233 4180	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:58:59.0264 4180	spldr - ok
14:58:59.0311 4180	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
14:58:59.0514 4180	Spooler - ok
14:58:59.0608 4180	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:58:59.0670 4180	srv - ok
14:58:59.0748 4180	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:58:59.0810 4180	srv2 - ok
14:58:59.0842 4180	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:58:59.0920 4180	srvnet - ok
14:59:00.0013 4180	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:59:00.0263 4180	SSDPSRV - ok
14:59:00.0294 4180	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:59:00.0481 4180	SstpSvc - ok
14:59:00.0637 4180	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
14:59:00.0918 4180	stisvc - ok
14:59:00.0965 4180	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:59:00.0996 4180	swenum - ok
14:59:01.0136 4180	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
14:59:01.0386 4180	swprv - ok
14:59:01.0448 4180	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:59:01.0480 4180	Symc8xx - ok
14:59:01.0558 4180	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:59:01.0589 4180	Sym_hi - ok
14:59:01.0636 4180	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:59:01.0667 4180	Sym_u3 - ok
14:59:01.0792 4180	SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
14:59:01.0823 4180	SynTP - ok
14:59:02.0041 4180	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
14:59:02.0369 4180	SysMain - ok
14:59:02.0416 4180	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:59:02.0634 4180	TabletInputService - ok
14:59:02.0743 4180	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
14:59:02.0993 4180	TapiSrv - ok
14:59:03.0071 4180	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:59:03.0305 4180	TBS - ok
14:59:03.0523 4180	Tcpip           (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
14:59:03.0695 4180	Tcpip - ok
14:59:03.0710 4180	Tcpip6          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
14:59:03.0788 4180	Tcpip6 - ok
14:59:03.0851 4180	tcpipreg        (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
14:59:03.0898 4180	tcpipreg - ok
14:59:03.0944 4180	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:59:04.0007 4180	TDPIPE - ok
14:59:04.0038 4180	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:59:04.0116 4180	TDTCP - ok
14:59:04.0194 4180	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:59:04.0256 4180	tdx - ok
14:59:04.0288 4180	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:59:04.0334 4180	TermDD - ok
14:59:04.0506 4180	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
14:59:04.0724 4180	TermService - ok
14:59:04.0849 4180	Themes          (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll
14:59:05.0036 4180	Themes - ok
14:59:05.0068 4180	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:59:05.0208 4180	THREADORDER - ok
14:59:05.0255 4180	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
14:59:05.0520 4180	TrkWks - ok
14:59:05.0629 4180	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
14:59:05.0738 4180	TrustedInstaller - ok
14:59:05.0801 4180	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:59:05.0894 4180	tssecsrv - ok
14:59:05.0926 4180	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:59:06.0004 4180	tunmp - ok
14:59:06.0050 4180	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:59:06.0113 4180	tunnel - ok
14:59:06.0160 4180	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:59:06.0206 4180	uagp35 - ok
14:59:06.0269 4180	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:59:06.0331 4180	udfs - ok
14:59:06.0394 4180	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:59:06.0628 4180	UI0Detect - ok
14:59:06.0690 4180	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:59:06.0721 4180	uliagpkx - ok
14:59:06.0799 4180	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:59:06.0846 4180	uliahci - ok
14:59:06.0893 4180	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:59:06.0955 4180	UlSata - ok
14:59:07.0049 4180	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:59:07.0096 4180	ulsata2 - ok
14:59:07.0158 4180	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:59:07.0220 4180	umbus - ok
14:59:07.0298 4180	UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
14:59:07.0314 4180	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
14:59:07.0314 4180	UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
14:59:07.0423 4180	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:59:07.0657 4180	upnphost - ok
14:59:07.0876 4180	UPnPService     (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
14:59:08.0000 4180	UPnPService ( UnsignedFile.Multi.Generic ) - warning
14:59:08.0000 4180	UPnPService - detected UnsignedFile.Multi.Generic (1)
14:59:08.0078 4180	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:59:08.0141 4180	usbccgp - ok
14:59:08.0203 4180	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:59:08.0344 4180	usbcir - ok
14:59:08.0390 4180	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:59:08.0453 4180	usbehci - ok
14:59:08.0500 4180	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:59:08.0578 4180	usbhub - ok
14:59:08.0593 4180	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
14:59:08.0671 4180	usbohci - ok
14:59:08.0702 4180	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:59:08.0780 4180	usbprint - ok
14:59:08.0812 4180	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:59:08.0874 4180	usbscan - ok
14:59:08.0952 4180	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:09.0030 4180	USBSTOR - ok
14:59:09.0077 4180	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:59:09.0155 4180	usbuhci - ok
14:59:09.0217 4180	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:59:09.0311 4180	usbvideo - ok
14:59:09.0373 4180	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:59:09.0576 4180	UxSms - ok
14:59:09.0748 4180	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:59:10.0028 4180	vds - ok
14:59:10.0091 4180	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:59:10.0184 4180	vga - ok
14:59:10.0216 4180	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:59:10.0309 4180	VgaSave - ok
14:59:10.0372 4180	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:59:10.0418 4180	viaagp - ok
14:59:10.0434 4180	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:59:10.0512 4180	ViaC7 - ok
14:59:10.0543 4180	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:59:10.0590 4180	viaide - ok
14:59:10.0668 4180	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:59:10.0699 4180	volmgr - ok
14:59:10.0808 4180	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:59:10.0886 4180	volmgrx - ok
14:59:10.0980 4180	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:59:11.0027 4180	volsnap - ok
14:59:11.0105 4180	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:59:11.0152 4180	vsmraid - ok
14:59:11.0386 4180	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:59:11.0729 4180	VSS - ok
14:59:11.0854 4180	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:59:12.0103 4180	W32Time - ok
14:59:12.0197 4180	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:59:12.0322 4180	WacomPen - ok
14:59:12.0368 4180	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:59:12.0431 4180	Wanarp - ok
14:59:12.0446 4180	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:59:12.0493 4180	Wanarpv6 - ok
14:59:12.0634 4180	WcesComm        (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
14:59:12.0743 4180	WcesComm - ok
14:59:12.0868 4180	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:59:13.0133 4180	wcncsvc - ok
14:59:13.0180 4180	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:59:13.0429 4180	WcsPlugInService - ok
14:59:13.0492 4180	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:59:13.0538 4180	Wd - ok
14:59:13.0632 4180	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:59:13.0710 4180	Wdf01000 - ok
14:59:13.0757 4180	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:59:14.0006 4180	WdiServiceHost - ok
14:59:14.0006 4180	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:59:14.0225 4180	WdiSystemHost - ok
14:59:14.0318 4180	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:59:14.0521 4180	WebClient - ok
14:59:14.0599 4180	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:59:14.0818 4180	Wecsvc - ok
14:59:14.0864 4180	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:59:15.0083 4180	wercplsupport - ok
14:59:15.0161 4180	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:59:15.0395 4180	WerSvc - ok
14:59:15.0582 4180	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:59:15.0613 4180	WinDefend - ok
14:59:15.0629 4180	WinHttpAutoProxySvc - ok
14:59:15.0754 4180	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:59:16.0331 4180	Winmgmt - ok
14:59:16.0612 4180	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:59:17.0002 4180	WinRM - ok
14:59:17.0142 4180	winusb          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
14:59:17.0220 4180	winusb - ok
14:59:17.0438 4180	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:59:17.0766 4180	Wlansvc - ok
14:59:17.0828 4180	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:59:17.0891 4180	WmiAcpi - ok
14:59:18.0016 4180	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:59:18.0094 4180	wmiApSrv - ok
14:59:18.0343 4180	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:59:18.0468 4180	WMPNetworkSvc - ok
14:59:18.0546 4180	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:59:18.0827 4180	WPCSvc - ok
14:59:18.0936 4180	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:59:19.0201 4180	WPDBusEnum - ok
14:59:19.0279 4180	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:59:19.0326 4180	WpdUsb - ok
14:59:19.0622 4180	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:59:19.0794 4180	WPFFontCache_v0400 - ok
14:59:19.0825 4180	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:59:19.0919 4180	ws2ifsl - ok
14:59:19.0981 4180	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
14:59:20.0200 4180	wscsvc - ok
14:59:20.0200 4180	WSearch - ok
14:59:20.0668 4180	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
14:59:20.0980 4180	wuauserv - ok
14:59:21.0307 4180	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:59:21.0370 4180	WUDFRd - ok
14:59:21.0416 4180	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:59:21.0682 4180	wudfsvc - ok
14:59:21.0713 4180	yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
14:59:21.0900 4180	yukonwlh - ok
14:59:21.0916 4180	ZTEusbmdm6k - ok
14:59:21.0931 4180	ZTEusbnmea - ok
14:59:21.0947 4180	ZTEusbser6k - ok
14:59:21.0994 4180	MBR (0x1B8)     (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
14:59:23.0195 4180	\Device\Harddisk0\DR0 - ok
14:59:23.0226 4180	Boot (0x1200)   (dc5bebaa0836eb57b1151d144e9c2b68) \Device\Harddisk0\DR0\Partition0
14:59:23.0242 4180	\Device\Harddisk0\DR0\Partition0 - ok
14:59:23.0242 4180	Boot (0x1200)   (437b759a6a2848136cef98208b1a2512) \Device\Harddisk0\DR0\Partition1
14:59:23.0257 4180	\Device\Harddisk0\DR0\Partition1 - ok
14:59:23.0257 4180	============================================================
14:59:23.0257 4180	Scan finished
14:59:23.0257 4180	============================================================
14:59:23.0288 4520	Detected object count: 13
14:59:23.0288 4520	Actual detected object count: 13
15:03:35.0647 4520	ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0647 4520	ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0663 4520	ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0663 4520	ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0663 4520	ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0663 4520	ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0663 4520	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0663 4520	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0663 4520	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0663 4520	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0679 4520	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0679 4520	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0679 4520	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0679 4520	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0679 4520	MpKsld7381dd8 ( ForgedFile.Multi.Generic ) - skipped by user
15:03:35.0679 4520	MpKsld7381dd8 ( ForgedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0679 4520	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0679 4520	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0694 4520	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0694 4520	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0694 4520	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0694 4520	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0710 4520	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0710 4520	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:35.0710 4520	UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0710 4520	UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:03:43.0167 5116	Deinitialize success
         
There is nothing more in the log. Because I thought so much... was unnecessary.

Regards

Alt 06.08.2012, 12:25   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
because I thought so much... was unnecessary.
Please just post the logs in full!

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a Kompetenzler (qualified helper) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English Windows wording: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

Alt 06.08.2012, 14:24   #25
Vronile
 



Sorry, I think you misunderstood that... I meant that the TDSS-Killer found so much (and as I understand it that is not so good), and that's why!
I am really very grateful that you are helping me.

Combofix Logfile:
Code:
ComboFix 12-08-05.02 - Vroni 06.08.2012  16:18:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3071.1952 [GMT 2:00]
ausgeführt von:: c:\users\Vroni\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\programdata\vhxukcdgwtaesys
c:\users\Vroni\AppData\Roaming\602024875.log
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-06 bis 2012-08-06  ))))))))))))))))))))))))))))))
.
.
2012-08-06 14:32 . 2012-08-06 14:32	--------	d-----w-	c:\users\Vroni\AppData\Local\temp
2012-08-06 14:32 . 2012-08-06 14:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-06 13:11 . 2012-08-06 13:11	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6235D29E-3F02-4316-BBDB-A31613DC0523}\MpKsl9111d226.sys
2012-08-05 14:31 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6235D29E-3F02-4316-BBDB-A31613DC0523}\mpengine.dll
2012-08-03 13:04 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 04:46 . 2012-08-02 04:46	--------	d-----w-	C:\_OTL
2012-07-26 17:42 . 2012-07-26 17:42	--------	d-----w-	c:\users\Vroni\AppData\Local\Macromedia
2012-07-26 17:41 . 2012-07-26 17:41	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-25 11:38 . 2012-07-25 11:38	--------	d-----w-	c:\program files\ESET
2012-07-23 20:29 . 2012-07-23 20:29	--------	d-----w-	c:\users\Vroni\AppData\Roaming\Malwarebytes
2012-07-23 20:28 . 2012-07-23 20:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-23 20:28 . 2012-08-06 14:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-22 17:58 . 2012-07-22 17:58	--------	d-----w-	c:\users\Vroni\AppData\Local\Apple
2012-07-22 15:10 . 2012-07-22 18:13	--------	d-----w-	c:\users\Vroni\AppData\Roaming\GlarySoft
2012-07-22 13:19 . 2012-07-22 13:19	--------	d-----w-	c:\users\Vroni\{6ea777ac-cad2-4119-adb1-f85e1458b3ec}
2012-07-20 12:34 . 2012-07-25 09:49	--------	d-----w-	c:\programdata\olbdvxfbegvdtbk
2012-07-12 06:13 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 06:46 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:46 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 06:46 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 06:45 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:45 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 06:45 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 04:48 . 2008-10-31 20:56	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-07-26 17:41 . 2011-08-19 12:00	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 06:10	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 06:10	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 06:09	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 06:09	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 06:10	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 06:10	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 06:09	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 06:09	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 06:09	33792	----a-w-	c:\windows\system32\wuapp.exe
2008-07-02 02:28 . 2008-07-02 02:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2012-07-19 13:01 . 2012-03-22 20:37	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"Microsoft Security Client User Interface"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Skytel"="Skytel.exe" [2008-08-12 1833504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=d:\hp software update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="D:\iTunesHelper.exe"
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"ATKMEDIA"=c:\program files\ASUS\ATK Media\DMedia.exe
"ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL9111D226
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 08:21]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 08:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Vroni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.33.55.5 212.33.32.160
FF - ProfilePath - c:\users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.at
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-06 16:32
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001e8c
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{43b3a21d-ad89-4897-b996-0be9e8d7f5fd}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1a020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b285989a-b40e-43b1-848e-ffaf486cd157}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11002243
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{db5d69ae-4b8e-4b8f-8b1a-9ed28c96f23c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d002354
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2012-08-06  16:37:28
ComboFix-quarantined-files.txt  2012-08-06 14:37
.
Vor Suchlauf: 7 Verzeichnis(se), 98.150.203.392 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 99.097.653.248 Bytes frei
.
- - End Of File - - BD0E13C5B2233CD3AF3C8A391F0957FB
         
--- --- ---

06.08.2012, 20:13   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Note: If you obscured your user name, you have to change the starred-out part back to your real user name, otherwise the script will not work!!

Code:
Folder::
c:\programdata\olbdvxfbegvdtbk

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall you may have.
(Also the guards of ad/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can do lasting damage to the system!
__________________
Please always post log files in CODE tags

06.08.2012, 21:28   #27
Vronile

Combofix Logfile:
Code:
ComboFix 12-08-05.02 - Vroni 06.08.2012  22:10:45.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3071.1931 [GMT 2:00]
ausgeführt von:: c:\users\Vroni\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Vroni\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\olbdvxfbegvdtbk
c:\programdata\olbdvxfbegvdtbk\at-flag.png
c:\programdata\olbdvxfbegvdtbk\at-image.png
c:\programdata\olbdvxfbegvdtbk\btn-green.png
c:\programdata\olbdvxfbegvdtbk\corners-btn.png
c:\programdata\olbdvxfbegvdtbk\corners1.png
c:\programdata\olbdvxfbegvdtbk\corners2.png
c:\programdata\olbdvxfbegvdtbk\corners3.png
c:\programdata\olbdvxfbegvdtbk\corners4.png
c:\programdata\olbdvxfbegvdtbk\ie6-7.css
c:\programdata\olbdvxfbegvdtbk\jquery.main.js
c:\programdata\olbdvxfbegvdtbk\McAfee.png
c:\programdata\olbdvxfbegvdtbk\pay17.png
c:\programdata\olbdvxfbegvdtbk\steps-de.png
c:\programdata\olbdvxfbegvdtbk\steps-en.png
c:\programdata\olbdvxfbegvdtbk\style.css
c:\programdata\olbdvxfbegvdtbk\tabs.png
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-06 bis 2012-08-06  ))))))))))))))))))))))))))))))
.
.
2012-08-06 20:21 . 2012-08-06 20:22	--------	d-----w-	c:\users\Vroni\AppData\Local\temp
2012-08-06 20:21 . 2012-08-06 20:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-06 15:04 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92AFA062-D30C-4405-B247-5621E6EC1007}\mpengine.dll
2012-08-06 14:41 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 04:46 . 2012-08-02 04:46	--------	d-----w-	C:\_OTL
2012-07-26 17:42 . 2012-07-26 17:42	--------	d-----w-	c:\users\Vroni\AppData\Local\Macromedia
2012-07-26 17:41 . 2012-07-26 17:41	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-25 11:38 . 2012-07-25 11:38	--------	d-----w-	c:\program files\ESET
2012-07-23 20:29 . 2012-07-23 20:29	--------	d-----w-	c:\users\Vroni\AppData\Roaming\Malwarebytes
2012-07-23 20:28 . 2012-07-23 20:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-22 17:58 . 2012-07-22 17:58	--------	d-----w-	c:\users\Vroni\AppData\Local\Apple
2012-07-22 15:10 . 2012-07-22 18:13	--------	d-----w-	c:\users\Vroni\AppData\Roaming\GlarySoft
2012-07-22 13:19 . 2012-07-22 13:19	--------	d-----w-	c:\users\Vroni\{6ea777ac-cad2-4119-adb1-f85e1458b3ec}
2012-07-12 06:13 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 06:46 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:46 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 06:46 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 06:45 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:45 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 06:45 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 04:48 . 2008-10-31 20:56	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-07-26 17:41 . 2011-08-19 12:00	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 06:10	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 06:10	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 06:09	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 06:09	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 06:10	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 06:10	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 06:09	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 06:09	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 06:09	33792	----a-w-	c:\windows\system32\wuapp.exe
2008-07-02 02:28 . 2008-07-02 02:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2012-07-19 13:01 . 2012-03-22 20:37	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"Microsoft Security Client User Interface"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Skytel"="Skytel.exe" [2008-08-12 1833504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=d:\hp software update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="D:\iTunesHelper.exe"
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"ATKMEDIA"=c:\program files\ASUS\ATK Media\DMedia.exe
"ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLE1915210
*NewlyCreated* - WS2IFSL
*Deregistered* - MpKsle1915210
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 08:21]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 08:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Vroni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.33.55.5 212.33.32.160
FF - ProfilePath - c:\users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.at
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-06 22:22
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-08-06  22:26:00
ComboFix-quarantined-files.txt  2012-08-06 20:25
ComboFix2.txt  2012-08-06 14:37
.
Vor Suchlauf: 12 Verzeichnis(se), 97.084.891.136 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 97.059.381.248 Bytes frei
.
- - End Of File - - 8B1BF5870BF36AC8697FD65430904B9B
         
--- --- ---
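A check a helper could run on the two logs above, as an added example that is not part of the thread and not part of ComboFix: it reads the `Folder::` targets from the CFScript and confirms that each one is listed under "Weitere Löschungen" in the follow-up log and no longer appears in its created-files section. The function names are hypothetical, and the sample data is a shortened excerpt of the logs on this page.

```python
import re

# Section banners in these logs look like "((((   Title   ))))".
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
# Created-files rows: "created . modified  size  attrs  path" (path may contain spaces).
ROW = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
DIRECTIVE = re.compile(r"^(\w+)::\s*$")


def norm(path):
    """Windows paths are case-insensitive; compare them lowercased."""
    return path.strip().rstrip("\\").lower()


def split_sections(log_text):
    """Map each banner title to the lines that follow it ("." spacers dropped)."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line and line != ".":
            current.append(line)
    return sections


def deleted_paths(log_text):
    return {norm(p) for p in split_sections(log_text).get("Weitere Löschungen", [])}


def created_paths(log_text):
    """Paths from the created-files section; it only covers the date window in its title."""
    found = set()
    for title, lines in split_sections(log_text).items():
        if title.startswith("Dateien erstellt von"):
            found.update(norm(m.group("path")) for m in map(ROW.match, lines) if m)
    return found


def script_targets(script_text, directive="Folder"):
    """Paths listed under one directive of a CFScript (only Folder:: is used on this page)."""
    targets, active = [], None
    for raw in script_text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            active = m.group(1)
        elif line and active == directive:
            targets.append(norm(line))
    return targets


def is_under(path, root):
    return path == root or path.startswith(root + "\\")


def verify_removal(script_text, before_log, after_log):
    """For each script target: was it in the first log, deleted in the second, any leftovers?"""
    before_created = created_paths(before_log)
    after_deleted = deleted_paths(after_log)
    after_created = created_paths(after_log)
    report = {}
    for target in script_targets(script_text):
        leftovers = sorted(p for p in after_created if is_under(p, target))
        deleted = target in after_deleted
        report[target] = {
            "seen_before": any(is_under(p, target) for p in before_created),
            "deleted": deleted,
            "children_deleted": sum(1 for p in after_deleted if is_under(p, target) and p != target),
            "leftovers": leftovers,
            "ok": deleted and not leftovers,
        }
    return report


# Shortened excerpts of the CFScript and the two logs posted in this thread.
CFSCRIPT = r"""
Folder::
c:\programdata\olbdvxfbegvdtbk
"""
BEFORE_LOG = r"""
((((((((((((   Weitere Löschungen   ))))))))))))
.
c:\programdata\vhxukcdgwtaesys
c:\windows\system32\URTTemp
.
(((((((   Dateien erstellt von 2012-07-06 bis 2012-08-06  )))))))
.
2012-08-02 04:46 . 2012-08-02 04:46  --------  d-----w-  C:\_OTL
2012-07-25 11:38 . 2012-07-25 11:38  --------  d-----w-  c:\program files\ESET
2012-07-20 12:34 . 2012-07-25 09:49  --------  d-----w-  c:\programdata\olbdvxfbegvdtbk
.
((((((((   Find3M Bericht   ))))))))
"""
AFTER_LOG = r"""
((((((((((((   Weitere Löschungen   ))))))))))))
.
c:\programdata\olbdvxfbegvdtbk
c:\programdata\olbdvxfbegvdtbk\at-flag.png
c:\programdata\olbdvxfbegvdtbk\jquery.main.js
c:\programdata\olbdvxfbegvdtbk\style.css
.
(((((((   Dateien erstellt von 2012-07-06 bis 2012-08-06  )))))))
.
2012-08-02 04:46 . 2012-08-02 04:46  --------  d-----w-  C:\_OTL
2012-07-25 11:38 . 2012-07-25 11:38  --------  d-----w-  c:\program files\ESET
.
((((((((   Find3M Bericht   ))))))))
"""

if __name__ == "__main__":
    for path, result in verify_removal(CFSCRIPT, BEFORE_LOG, AFTER_LOG).items():
        print(path, result)
```
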

07.08.2012, 20:48   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to work the second time, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.
__________________
Please always post log files in CODE tags

09.08.2012, 17:05   #29
Vronile

Hello,

somehow this doesn't work for me at all.
I can't download GMER, because the LINK always brings up an empty page with an error.
And when I download OSAM, the PC shows it to me as a media file from which nothing can be unpacked?!
Sorry, I tried it a few times.

Regards, Vroni

10.08.2012, 19:42   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Take the archive version of GMER => http://www2.gmer.net/gmer.zip
Download, unpack, run

Same with OSAM => download it, no matter what file type Windows thinks it has to recognize it as => right-click => 7zip => extract to "osam-portable....."
__________________
Please always post log files in CODE tags
