
Pests of all kinds and how to fight them: Comodo keeps reporting QLK.exe.. run in sandbox (I think it's a virus)

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

20.06.2010, 16:48   #1
angelbaby
 
Hello, I found your forum by chance via a Google search. I have a problem with my netbook; I think I have a virus.

Comodo keeps showing me that it has blocked an exe called QLK.exe, or sometimes Qll.exe, which is supposed to be in a folder called Temp. When I open that folder, there is no file with that name to be found... That's why I assume it is a virus.


For a long time it also happened that IE opened by itself and tried to open a JavaScript page, which the firewall blocked, though...


I hope you can help me a bit despite my not exactly professional wording.

Many thanks in advance.

20.06.2010, 18:08   #2
angelbaby
 
Should I upload a picture of the, what do you call it, status?
__________________


20.06.2010, 18:14   #3
markusg
/// Malware-holic
 
otl:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "Scan all users"
3. Under "Extra Registry" select:
"Use SafeList" "LOP Check" "Purity Check"
4. Paste into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Run Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both of them
__________________
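
A note added here by the editor, not part of markusg's instructions and not code from the OTL tool: once the two reports are posted, a helper's first stop is usually the O4 (autorun) section, looking for Run entries whose target sits in a Temp directory, whose target file no longer exists, whose value name looks machine-generated, or whose file carries no company/version information. The Python script below performs that triage on a handful of constructed O4-style lines; the SIDs, user name, value names and paths in the sample are made up, and only the line layout follows OTL's report format.

```python
import re

# Constructed sample lines in the style of OTL's O4 (autorun) section. The
# SIDs, user name, value names and paths are made up for this example; only
# the line layout follows the real OTL report format.
SAMPLE_O4_LINES = r"""
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-EXAMPLE-1001..\Run: [M5T8QL3YW3] C:\Users\Example\AppData\Local\Temp\Qll.exe File not found
O4 - HKU\S-1-5-21-EXAMPLE-1001..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-EXAMPLE-1001..\Run: [Updater] C:\Users\Example\AppData\Roaming\updater.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
""".strip().splitlines()

# "O4 - <hive>..\<Run|RunOnce|...>: [<value name>] <target> (<company>)"
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
# OTL appends the file's company name in parentheses, or "()" when the file
# carries no version information at all.
TARGET_RE = re.compile(r"^(?P<path>.*) \((?P<company>[^()]*)\)$")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Value names such as M5T8QL3YW3: 8+ upper-case letters/digits, at least one of each.
RANDOM_NAME_RE = re.compile(r"^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{8,}$")
MISSING_MARK = " File not found"


def parse_o4_line(line):
    """Return a dict for an O4 Run/RunOnce line, or None for any other line."""
    m = O4_RUN_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    entry = {"hive": m.group("hive"), "key": m.group("key"),
             "name": m.group("name"), "missing": False, "company": None}
    if rest.endswith(MISSING_MARK):
        # Registry still points at the file, but the file is gone.
        entry["missing"] = True
        entry["path"] = rest[:-len(MISSING_MARK)]
    else:
        t = TARGET_RE.match(rest)
        if t:
            entry["path"] = t.group("path")
            entry["company"] = t.group("company")
        else:
            entry["path"] = rest
    return entry


def assess(entry):
    """Return the list of reasons an autorun entry deserves a closer look."""
    reasons = []
    if entry["missing"]:
        reasons.append("target file missing (orphaned autorun entry)")
    if TEMP_DIR_RE.search(entry["path"]):
        reasons.append("target lives in a Temp directory")
    if RANDOM_NAME_RE.match(entry["name"]):
        reasons.append("random-looking value name")
    if entry["company"] == "":
        reasons.append("target has no company/version information")
    return reasons


def triage(lines):
    """Parse OTL report lines and return the O4 entries that raise at least one flag."""
    findings = []
    for line in lines:
        entry = parse_o4_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append({"name": entry["name"], "path": entry["path"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"[{f['name']}] {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against a real OTL.Txt, feed the file's lines to triage(); the flags are hints for manual review, not verdicts, so every hit should be checked against the rest of the report (file dates, the Temp folder contents, the Comodo alerts) before anything is removed.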

20.06.2010, 19:10   #4
angelbaby
 
OK, it is still scanning; when it's done I'll get back to you.
I just had to rethink a bit, since this exe is in German and the wording of the instructions is in English.

20.06.2010, 19:18   #5
markusg
/// Malware-holic
 
Yeah, sorry, I need to fix that at some point :D


20.06.2010, 20:16   #6
angelbaby
 
So, done.


OTL Logfile:
Code:
OTL logfile created on: 20.06.2010 20:00:41 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Simone\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.013,00 Mb Total Physical Memory | 404,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,01 Gb Total Space | 36,69 Gb Free Space | 74,86% Space Free | Partition Type: NTFS
Drive D: | 100,04 Gb Total Space | 48,56 Gb Free Space | 48,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SIMONE-PC
Current User Name: Simone
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Simone\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Simone\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
PRC - C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.)
PRC - C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe (SRS Labs, Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Simone\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\IME\SPTIP.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\Speech\SpeechUX\SpeechUXPS.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SRS_PostInstaller) -- C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (RTL8187Se) -- C:\Windows\System32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation                           )
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (wowfilter) -- C:\Windows\System32\drivers\WOWFilter.sys ()
DRV - (Ndisipo) -- C:\Windows\System32\drivers\Ndisipo.sys (Windows (R) 2000 DDK provider)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1410707162-3903787834-214492373-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1410707162-3903787834-214492373-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1410707162-3903787834-214492373-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 79 FD 0D 2A 0C CB 01  [binary data]
IE - HKU\S-1-5-21-1410707162-3903787834-214492373-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.15 03:44:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.15 03:44:56 | 000,000,000 | ---D | M]
 
[2010.06.15 03:55:34 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\mozilla\Extensions
[2010.06.15 16:14:57 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\mozilla\Firefox\Profiles\zdv0nex9.default\extensions
[2010.06.15 16:14:57 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\mozilla\Firefox\Profiles\zdv0nex9.default\extensions\ChoiceGuard@Microsoft
[2010.06.18 13:56:43 | 000,001,819 | ---- | M] () -- C:\Users\Simone\AppData\Roaming\Mozilla\FireFox\Profiles\zdv0nex9.default\searchplugins\bing.xml
[2010.06.15 03:43:55 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.06.15 03:43:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.15 03:43:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1410707162-3903787834-214492373-1001..\Run: [M5T8QL3YW3] C:\Users\Simone\AppData\Local\Temp\Qll.exe File not found
O4 - HKU\S-1-5-21-1410707162-3903787834-214492373-1001..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1410707162-3903787834-214492373-1001..\Run: [SRSTrayApp] C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe (SRS Labs, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:05:39 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.20 16:35:53 | 005,918,720 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Simone\Desktop\mbam-setup-1.45.exe
[2010.06.19 15:35:47 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.06.19 15:35:46 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.06.19 15:35:46 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.06.19 15:35:44 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.06.19 15:35:42 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.06.19 15:33:53 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.06.19 15:33:53 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.06.19 15:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.06.19 15:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.06.17 23:15:21 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\COMODO
[2010.06.17 21:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187SE Wireless LAN Driver
[2010.06.17 19:50:24 | 000,000,000 | ---D | C] -- C:\Users\Simone\Documents\DriverGenius
[2010.06.17 18:14:13 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\OpenOffice.org
[2010.06.16 22:37:28 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\Adobe
[2010.06.16 21:32:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.06.16 21:12:27 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010.06.16 20:56:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010.06.16 20:56:37 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2010.06.16 20:23:55 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.06.16 20:23:53 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.06.16 20:23:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.06.16 20:23:48 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.06.16 20:23:26 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.06.16 20:22:50 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.06.16 20:22:50 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.06.16 20:22:44 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.16 20:22:34 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.06.16 20:22:33 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.06.16 20:22:31 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.06.16 20:22:29 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.06.16 20:22:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.16 20:22:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.06.16 20:22:02 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.06.16 20:21:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.16 20:21:48 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.16 20:21:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.16 20:21:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.16 20:21:41 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.06.16 20:21:41 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.06.16 20:21:40 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.06.16 20:21:34 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.06.16 20:21:32 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.06.16 20:21:29 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.06.16 20:21:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.06.16 20:20:54 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.06.16 20:20:54 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.06.16 20:20:52 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.06.16 20:20:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.06.16 20:20:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.06.16 20:20:51 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.06.16 20:20:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.06.16 20:20:50 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.06.16 20:20:33 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.16 20:20:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.06.16 20:20:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.15 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Simone\Documents\Meine empfangenen Dateien
[2010.06.15 16:15:09 | 000,000,000 | ---D | C] -- C:\Users\Simone\Tracing
[2010.06.15 16:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010.06.15 16:08:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.06.15 16:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010.06.15 16:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010.06.15 16:06:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.06.15 16:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010.06.15 13:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010.06.15 13:49:20 | 000,000,000 | ---D | C] -- C:\Users\Simone\Documents\Youcam
[2010.06.15 12:59:53 | 000,000,000 | ---D | C] -- C:\Users\Simone\Documents\Bluetooth
[2010.06.15 12:58:35 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\Toshiba
[2010.06.15 12:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010.06.15 12:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Toshiba
[2010.06.15 12:48:27 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\InstallShield
[2010.06.15 12:48:16 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.06.15 12:46:49 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\SRSCPL
[2010.06.15 12:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\SRS Labs
[2010.06.15 12:40:53 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.06.15 12:40:47 | 002,333,728 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.06.15 12:40:45 | 000,067,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\DaisyWrp.dll
[2010.06.15 12:37:21 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010.06.15 12:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\BIOSUPDATE
[2010.06.15 12:30:55 | 000,015,232 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\drivers\Ndisipo.sys
[2010.06.15 12:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\LG Software
[2010.06.15 12:27:56 | 000,000,000 | ---D | C] -- C:\Intel
[2010.06.15 12:27:31 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.06.15 12:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010.06.15 12:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010.06.15 12:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows 7 Loader 1.7.7 by Daz
[2010.06.15 12:07:18 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\WinRAR
[2010.06.15 12:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.06.15 09:35:28 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\Microsoft Games
[2010.06.15 03:55:22 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\Mozilla
[2010.06.15 03:55:22 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\Mozilla
[2010.06.15 03:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010.06.15 03:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010.06.15 03:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010.06.15 03:46:53 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\Macromedia
[2010.06.15 03:46:52 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\Adobe
[2010.06.15 03:46:01 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.06.15 03:45:30 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.06.15 03:45:29 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.06.15 03:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010.06.15 03:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.06.15 03:44:45 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\Winamp
[2010.06.15 03:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010.06.15 03:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.06.15 03:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.06.15 03:43:53 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.06.15 03:43:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.06.15 03:43:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.06.15 03:43:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.06.15 03:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.06.15 03:42:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.06.15 03:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.06.15 03:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.06.15 03:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.06.15 03:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.06.15 03:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.06.15 03:35:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.06.15 03:31:42 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\Google
[2010.06.15 03:31:19 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\Deployment
[2010.06.15 03:31:19 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\Apps
[2010.06.15 03:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.06.15 03:23:43 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010.06.15 03:23:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2010.06.15 03:23:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2010.06.15 03:23:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2010.06.15 03:23:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2010.06.15 03:16:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volsnap.sys.mui
[2010.06.15 03:16:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbport.sys.mui
[2010.06.15 03:16:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbhub.sys.mui
[2010.06.15 03:16:45 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2010.06.15 03:16:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vhdmp.sys.mui
[2010.06.15 03:16:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tpm.sys.mui
[2010.06.15 03:16:45 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\portcls.sys.mui
[2010.06.15 03:16:45 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\umbus.sys.mui
[2010.06.15 03:16:45 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serscan.sys.mui
[2010.06.15 03:16:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wd.sys.mui
[2010.06.15 03:16:42 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pcmcia.sys.mui
[2010.06.15 03:16:41 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mpio.sys.mui
[2010.06.15 03:16:41 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2010.06.15 03:16:41 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1y6032.sys.mui
[2010.06.15 03:16:41 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1e6032.sys.mui
[2010.06.15 03:16:41 | 000,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\E1G60I32.sys.mui
[2010.06.15 03:16:41 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1q6032.sys.mui
[2010.06.15 03:16:41 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1k6032.sys.mui
[2010.06.15 03:16:41 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\k57nd60x.sys.mui
[2010.06.15 03:16:41 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\b57nd60x.sys.mui
[2010.06.15 03:16:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serial.sys.mui
[2010.06.15 03:16:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui
[2010.06.15 03:16:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\msdsm.sys.mui
[2010.06.15 03:16:41 | 000,006,144 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\bcm4sbxp.sys.mui
[2010.06.15 03:16:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\sermouse.sys.mui
[2010.06.15 03:16:41 | 000,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e100b325.sys.mui
[2010.06.15 03:16:41 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouclass.sys.mui
[2010.06.15 03:16:41 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parport.sys.mui
[2010.06.15 03:16:41 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ataport.sys.mui
[2010.06.15 03:16:41 | 000,003,072 | ---- | C] (VIA Technologies, Inc.              ) -- C:\Windows\System32\drivers\de-DE\getn62.sys.mui
[2010.06.15 03:16:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scsiport.sys.mui
[2010.06.15 03:16:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismpx.sys.mui
[2010.06.15 03:16:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismp6.sys.mui
[2010.06.15 03:16:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parvdm.sys.mui
[2010.06.15 03:16:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouhid.sys.mui
[2010.06.15 03:16:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui
[2010.06.15 03:16:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\MTConfig.sys.mui
[2010.06.15 03:16:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdide.sys.mui
[2010.06.15 03:16:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\afd.sys.mui
[2010.06.15 03:16:37 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bfe.dll.mui
[2010.06.15 03:16:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
[2010.06.15 03:16:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ws2ifsl.sys.mui
[2010.06.15 03:16:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbrpm.sys.mui
[2010.06.15 03:16:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tcpip.sys.mui
[2010.06.15 03:16:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tunnel.sys.mui
[2010.06.15 03:16:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\modem.sys.mui
[2010.06.15 03:16:33 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\srv.sys.mui
[2010.06.15 03:16:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fvevol.sys.mui
[2010.06.15 03:16:32 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scfilter.sys.mui
[2010.06.15 03:16:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rdbss.sys.mui
[2010.06.15 03:16:20 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pacer.sys.mui
[2010.06.15 03:16:20 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\RNDISMP.sys.mui
[2010.06.15 03:16:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\qwavedrv.sys.mui
[2010.06.15 03:16:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\partmgr.sys.mui
[2010.06.15 03:16:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ntfs.sys.mui
[2010.06.15 03:16:16 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\nwifi.sys.mui
[2010.06.15 03:16:15 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndis.sys.mui
[2010.06.15 03:16:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui
[2010.06.15 03:16:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndiscap.sys.mui
[2010.06.15 03:16:12 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui
[2010.06.15 03:16:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\luafv.sys.mui
[2010.06.15 03:16:10 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ipnat.sys.mui
[2010.06.15 03:16:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui
[2010.06.15 03:16:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui
[2010.06.15 03:16:04 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui
[2010.06.15 03:16:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\viac7.sys.mui
[2010.06.15 03:16:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\processr.sys.mui
[2010.06.15 03:16:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\intelppm.sys.mui
[2010.06.15 03:16:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdppm.sys.mui
[2010.06.15 03:16:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdk8.sys.mui
[2010.06.15 03:16:00 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2010.06.15 03:16:00 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2010.06.15 03:16:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pci.sys.mui
[2010.06.15 03:16:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\IPMIDrv.sys.mui
[2010.06.15 03:16:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui
[2010.06.15 03:16:00 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthpan.sys.mui
[2010.06.15 03:16:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wacompen.sys.mui
[2010.06.15 03:16:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui
[2010.06.15 03:16:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\isapnp.sys.mui
[2010.06.15 03:16:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui
[2010.06.15 03:16:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\HdAudio.sys.mui
[2010.06.15 03:16:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui
[2010.06.15 03:16:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hidbth.sys.mui
[2010.06.15 03:16:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\VIAAGP.SYS.mui
[2010.06.15 03:16:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ULIAGPKX.SYS.mui
[2010.06.15 03:16:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\SISAGP.SYS.mui
[2010.06.15 03:16:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pnpmem.sys.mui
[2010.06.15 03:16:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\NV_AGP.SYS.mui
[2010.06.15 03:16:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdhid.sys.mui
[2010.06.15 03:16:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\Dot4usb.sys.mui
[2010.06.15 03:16:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AMDAGP.SYS.mui
[2010.06.15 03:16:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AGP440.sys.mui
[2010.06.15 03:16:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\disk.sys.mui
[2010.06.15 03:16:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\cdrom.sys.mui
[2010.06.15 03:15:59 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ohci1394.sys.mui
[2010.06.15 03:15:59 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\1394ohci.sys.mui
[2010.06.15 03:15:59 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2010.06.15 03:15:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\acpi.sys.mui
[2010.06.15 03:15:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\battc.sys.mui
[2010.06.15 03:15:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui
[2010.06.15 03:15:59 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\de-DE\atikmdag.sys.mui
[2010.06.15 03:15:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\UAGP35.SYS.mui
[2010.06.15 03:15:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\GAGP30KX.SYS.mui
[2010.06.15 03:15:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\BTHUSB.SYS.mui
[2010.06.15 03:15:59 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2010.06.15 03:15:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthenum.sys.mui
[2010.06.15 03:13:33 | 000,000,000 | R--D | C] -- C:\Users\Simone\Searches
[2010.06.15 03:13:20 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\Identities
[2010.06.15 03:13:16 | 000,000,000 | R--D | C] -- C:\Users\Simone\Contacts
[2010.06.15 03:13:01 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\VirtualStore
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\AppData\Local\Temporary Internet Files
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\Templates
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\Start Menu
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\SendTo
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\Recent
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\PrintHood
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\NetHood
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\Documents\My Videos
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\Documents\My Pictures
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\Documents\My Music
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\My Documents
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\Local Settings
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\AppData\Local\History
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\Cookies
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\Application Data
[2010.06.15 03:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Simone\AppData\Local\Application Data
[2010.06.15 03:12:49 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\Temp
[2010.06.15 03:12:49 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\Microsoft
[2010.06.15 03:12:49 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\Media Center Programs
[2010.06.15 03:12:48 | 000,000,000 | --SD | C] -- C:\Users\Simone\AppData\Roaming\Microsoft
[2010.06.15 03:12:48 | 000,000,000 | R--D | C] -- C:\Users\Simone\Videos
[2010.06.15 03:12:48 | 000,000,000 | R--D | C] -- C:\Users\Simone\Saved Games
[2010.06.15 03:12:48 | 000,000,000 | R--D | C] -- C:\Users\Simone\Pictures
[2010.06.15 03:12:48 | 000,000,000 | R--D | C] -- C:\Users\Simone\Music
[2010.06.15 03:12:48 | 000,000,000 | R--D | C] -- C:\Users\Simone\Links
[2010.06.15 03:12:48 | 000,000,000 | R--D | C] -- C:\Users\Simone\Favorites
[2010.06.15 03:12:48 | 000,000,000 | R--D | C] -- C:\Users\Simone\Downloads
[2010.06.15 03:12:48 | 000,000,000 | R--D | C] -- C:\Users\Simone\Documents
[2010.06.15 03:12:48 | 000,000,000 | R--D | C] -- C:\Users\Simone\Desktop
[2010.06.15 03:12:48 | 000,000,000 | -H-D | C] -- C:\Users\Simone\AppData
[2010.06.15 03:08:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.06.15 02:56:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.06.15 02:53:48 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.06.15 02:52:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.06.04 11:55:48 | 000,224,240 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2010.06.01 19:00:52 | 000,278,288 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2010.06.01 19:00:14 | 000,075,944 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010.06.01 19:00:14 | 000,030,112 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010.06.01 19:00:12 | 000,016,744 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.20 20:12:19 | 001,048,576 | -HS- | M] () -- C:\Users\Simone\NTUSER.DAT
[2010.06.20 20:02:58 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2010.06.20 19:52:08 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.20 19:43:08 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.20 19:31:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410707162-3903787834-214492373-1001UA.job
[2010.06.20 17:32:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.20 16:41:15 | 002,898,718 | -H-- | M] () -- C:\Users\Simone\AppData\Local\IconCache.db
[2010.06.20 16:38:59 | 001,720,705 | ---- | M] () -- C:\Users\Simone\Desktop\McafeeRootkitDetective_1.1.zip
[2010.06.20 16:36:12 | 005,918,720 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Simone\Desktop\mbam-setup-1.45.exe
[2010.06.20 13:31:07 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410707162-3903787834-214492373-1001Core.job
[2010.06.20 04:46:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2010.06.19 15:35:48 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.06.19 15:35:42 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.06.19 09:09:09 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 09:09:09 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 09:03:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.19 09:03:23 | 796,897,280 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.18 13:32:20 | 000,000,914 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.06.17 19:38:46 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.17 19:38:46 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.17 19:38:46 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.17 19:38:46 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.17 19:38:46 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.17 18:15:25 | 000,001,193 | ---- | M] () -- C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010.06.17 17:04:16 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.15 12:54:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010.06.15 12:46:50 | 000,002,091 | ---- | M] () -- C:\Users\Public\Desktop\Xtreme Surround System.lnk
[2010.06.15 12:40:54 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.06.15 12:37:27 | 000,001,075 | ---- | M] () -- C:\Users\Simone\Desktop\CyberLink YouCam.lnk
[2010.06.15 12:07:07 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2010.06.15 11:33:53 | 002,333,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.06.15 11:33:33 | 000,067,072 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\DaisyWrp.dll
[2010.06.15 09:35:05 | 000,062,952 | ---- | M] () -- C:\Users\Simone\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.15 03:50:40 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010.06.15 03:45:31 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.06.15 03:43:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.06.15 03:43:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.06.15 03:43:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.06.15 03:43:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.06.15 03:42:15 | 000,001,831 | ---- | M] () -- C:\Users\Simone\Desktop\CCleaner.lnk
[2010.06.15 03:41:03 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.15 03:37:43 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.06.15 03:32:16 | 000,002,318 | ---- | M] () -- C:\Users\Simone\Desktop\Google Chrome.lnk
[2010.06.15 03:30:36 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.15 03:26:11 | 000,524,288 | -HS- | M] () -- C:\Users\Simone\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.06.15 03:26:11 | 000,524,288 | -HS- | M] () -- C:\Users\Simone\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.06.15 03:26:11 | 000,065,536 | -HS- | M] () -- C:\Users\Simone\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.06.15 03:22:57 | 000,295,922 | ---- | M] () -- C:\Windows\System32\perfi007.dat
[2010.06.15 03:22:57 | 000,038,104 | ---- | M] () -- C:\Windows\System32\perfd007.dat
[2010.06.15 03:12:50 | 000,000,020 | -HS- | M] () -- C:\Users\Simone\ntuser.ini
[2010.06.15 02:58:22 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.06.15 02:55:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.06.04 11:55:48 | 000,224,240 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2010.06.01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2010.06.01 19:00:14 | 000,075,944 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010.06.01 19:00:14 | 000,030,112 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010.06.01 19:00:12 | 000,016,744 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
 
========== Files Created - No Company Name ==========
 
[2010.06.20 16:38:50 | 001,720,705 | ---- | C] () -- C:\Users\Simone\Desktop\McafeeRootkitDetective_1.1.zip
[2010.06.19 15:35:48 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.06.18 15:35:28 | 796,897,280 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.17 21:07:18 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.06.17 18:15:25 | 000,001,193 | ---- | C] () -- C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010.06.16 20:37:12 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.16 20:36:56 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.16 20:24:11 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\Driver Fetch.job
[2010.06.15 12:54:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010.06.15 12:52:53 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.06.15 12:46:50 | 000,002,091 | ---- | C] () -- C:\Users\Public\Desktop\Xtreme Surround System.lnk
[2010.06.15 12:27:27 | 000,001,075 | ---- | C] () -- C:\Users\Simone\Desktop\CyberLink YouCam.lnk
[2010.06.15 12:07:07 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2010.06.15 03:52:47 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.06.15 03:50:40 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010.06.15 03:45:31 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.06.15 03:42:15 | 000,001,831 | ---- | C] () -- C:\Users\Simone\Desktop\CCleaner.lnk
[2010.06.15 03:41:03 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.15 03:37:43 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.06.15 03:32:16 | 000,002,318 | ---- | C] () -- C:\Users\Simone\Desktop\Google Chrome.lnk
[2010.06.15 03:31:44 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410707162-3903787834-214492373-1001UA.job
[2010.06.15 03:31:43 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410707162-3903787834-214492373-1001Core.job
[2010.06.15 03:30:36 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.15 03:24:53 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.06.15 03:24:53 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.06.15 03:24:53 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.06.15 03:24:53 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.06.15 03:12:50 | 000,000,020 | -HS- | C] () -- C:\Users\Simone\ntuser.ini
[2010.06.15 03:12:49 | 000,524,288 | -HS- | C] () -- C:\Users\Simone\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.06.15 03:12:49 | 000,524,288 | -HS- | C] () -- C:\Users\Simone\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.06.15 03:12:49 | 000,262,144 | -HS- | C] () -- C:\Users\Simone\ntuser.dat.LOG1
[2010.06.15 03:12:49 | 000,065,536 | -HS- | C] () -- C:\Users\Simone\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.06.15 03:12:49 | 000,000,000 | -HS- | C] () -- C:\Users\Simone\ntuser.dat.LOG2
[2010.06.15 03:12:48 | 001,048,576 | -HS- | C] () -- C:\Users\Simone\NTUSER.DAT
[2010.06.15 02:55:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.10.08 10:31:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.09.05 10:08:14 | 000,022,528 | ---- | C] () -- C:\Windows\System32\drivers\WOWFilter.sys
[2008.09.05 10:08:12 | 000,044,288 | ---- | C] () -- C:\Windows\System32\drivers\TSXT_kern_i386.sys
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.16 22:37:28 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Adobe
[2010.06.15 03:13:20 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Identities
[2010.06.15 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\InstallShield
[2010.06.15 03:46:53 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Macromedia
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Media Center Programs
[2010.06.15 16:15:08 | 000,000,000 | --SD | M] -- C:\Users\Simone\AppData\Roaming\Microsoft
[2010.06.15 03:55:34 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Mozilla
[2010.06.17 18:14:13 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\OpenOffice.org
[2010.06.15 12:46:49 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\SRSCPL
[2010.06.15 13:54:51 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Winamp
[2010.06.15 12:07:20 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\Simone\Documents\DriverGenius\Backup\Driver Backup 6-17-2010-21747\IDE Channel#1\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\Simone\Documents\DriverGenius\Backup\Driver Backup 6-17-2010-21747\IDE Channel\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\Simone\Documents\DriverGenius\Backup\Driver Backup 6-17-2010-21747\Intel(R) 82801GBM GHM (ICH7-M Family) Serial ATA Storage Controller - 27C4\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


Here is the OTL logfile:
Code:
OTL Extras logfile created on: 20.06.2010 20:00:41 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Simone\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.013,00 Mb Total Physical Memory | 404,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,01 Gb Total Space | 36,69 Gb Free Space | 74,86% Space Free | Partition Type: NTFS
Drive D: | 100,04 Gb Total Space | 48,56 Gb Free Space | 48,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SIMONE-PC
Current User Name: Simone
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1410707162-3903787834-214492373-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Simone\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28F39401-7ED4-43D7-AE2D-DBA4368BE3A8}" = WOW HD and TSXT Filter Driver
"{2B3ADDDE-6841-4D5B-A655-CFB6C832430B}" = IP Operator
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK Wireless LAN Driver
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1410707162-3903787834-214492373-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.06.2010 14:38:38 | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Qlk.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c06312c  Name des fehlerhaften Moduls: Qlk.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c06312c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00015aa5  ID des fehlerhaften Prozesses:
 0x1208  Startzeit der fehlerhaften Anwendung: 0x01cb0d82e258c9c8  Pfad der fehlerhaften
 Anwendung: C:\Users\Simone\AppData\Local\Temp\Qlk.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Simone\AppData\Local\Temp\Qlk.exe  Berichtskennung: 6079b036-7976-11df-8dfa-002185e96705
 
Error - 16.06.2010 14:55:56 | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c05deaa  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x11c4  Startzeit der fehlerhaften Anwendung: 0x01cb0d842a4c5087  Pfad der fehlerhaften
 Anwendung: C:\Users\Simone\AppData\Local\Google\Chrome\Application\chrome.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: cb456657-7978-11df-8dfa-002185e96705
 
Error - 16.06.2010 15:07:22 | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c05deaa  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0xc9c  Startzeit der fehlerhaften Anwendung: 0x01cb0d87201e41e7  Pfad der fehlerhaften
 Anwendung: C:\Users\Simone\AppData\Local\Google\Chrome\Application\chrome.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 63e4e478-797a-11df-8dfa-002185e96705
 
Error - 16.06.2010 16:43:58 | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SynTPEnh.exe, Version: 10.2.3.0, 
Zeitstempel: 0x4787c108  Name des fehlerhaften Moduls: SynTPEnh.exe, Version: 10.2.3.0,
 Zeitstempel: 0x4787c108  Ausnahmecode: 0xc0000409  Fehleroffset: 0x000297cc  ID des fehlerhaften
 Prozesses: 0x1714  Startzeit der fehlerhaften Anwendung: 0x01cb0d946bcc14fd  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe  Berichtskennung: e2a65642-7987-11df-8dfa-002185e96705
 
Error - 17.06.2010 13:43:44 | Computer Name = Simone-PC | Source = VSS | ID = 8193
Description = 
 
Error - 17.06.2010 15:06:03 | Computer Name = Simone-PC | Source = VSS | ID = 8193
Description = 
 
Error - 17.06.2010 16:38:36 | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SynTPEnh.exe, Version: 10.2.3.0, 
Zeitstempel: 0x4787c108  Name des fehlerhaften Moduls: SynTPEnh.exe, Version: 10.2.3.0,
 Zeitstempel: 0x4787c108  Ausnahmecode: 0xc0000409  Fehleroffset: 0x000297cc  ID des fehlerhaften
 Prozesses: 0xaa0  Startzeit der fehlerhaften Anwendung: 0x01cb0e551871d174  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe  Berichtskennung: 4d271b84-7a50-11df-971f-002185e96705
 
Error - 19.06.2010 03:06:00 | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c05deaa  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x01c4e240  ID des fehlerhaften Prozesses:
 0xfec  Startzeit der fehlerhaften Anwendung: 0x01cb0f7dd9400495  Pfad der fehlerhaften
 Anwendung: C:\Users\Simone\AppData\Local\Google\Chrome\Application\chrome.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 1d4136e9-7b71-11df-8dc5-002185e96705
 
Error - 19.06.2010 09:37:49 | Computer Name = Simone-PC | Source = Application Hang | ID = 1002
Description = Programm msnmsgr.exe, Version 14.0.8117.416 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: d7c    Startzeit: 01cb0f7db0e2cec4    Endzeit: 172    Anwendungspfad: 
C:\Program Files\Windows Live\Messenger\msnmsgr.exe    Berichts-ID: beddd154-7ba7-11df-8dc5-002185e96705

 
Error - 19.06.2010 09:46:12 | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SynTPEnh.exe, Version: 10.2.3.0, 
Zeitstempel: 0x4787c108  Name des fehlerhaften Moduls: SynTPEnh.exe, Version: 10.2.3.0,
 Zeitstempel: 0x4787c108  Ausnahmecode: 0xc0000409  Fehleroffset: 0x000297cc  ID des fehlerhaften
 Prozesses: 0x5f4  Startzeit der fehlerhaften Anwendung: 0x01cb0f7d95618fde  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe  Berichtskennung: 054a3044-7ba9-11df-8dc5-002185e96705
 
[ System Events ]
Error - 18.06.2010 00:54:12 | Computer Name = Simone-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 18.06.2010 07:35:59 | Computer Name = Simone-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.06.2010 07:37:49 | Computer Name = Simone-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?06.?2010 um 13:35:57 unerwartet heruntergefahren.
 
Error - 18.06.2010 07:38:54 | Computer Name = Simone-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 18.06.2010 09:36:22 | Computer Name = Simone-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 18.06.2010 17:01:48 | Computer Name = Simone-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 19.06.2010 03:03:34 | Computer Name = Simone-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?06.?2010 um 01:41:20 unerwartet heruntergefahren.
 
Error - 19.06.2010 03:04:14 | Computer Name = Simone-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 20.06.2010 03:53:57 | Computer Name = Simone-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 20.06.2010 11:33:35 | Computer Name = Simone-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

and the second one

20.06.2010, 20:25   #7
markusg
/// Malware-holic



You're using Comodo Security, so I think that also includes antivirus. If so, please uninstall avast; otherwise it can cause problems!
Fix with OTL

• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator"
• Now copy the following into the text box.

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-1410707162-3903787834-214492373-1001..\Run: [M5T8QL3YW3] C:\Users\Simone\AppData\Local\Temp\Qll.exe File not found
[2010.06.20 19:52:08 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.20 19:43:08 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Please close all programs now.
• Now click the Run Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post it.


You used Malwarebytes? Then open it, go to the log files and post the scan results.
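As an added example (not part of this thread and not part of the OTL tool), a small Python triage helper that applies the same reasoning used on the log above: it parses OTL-style lines, flags Run entries with random-looking value names pointing into a Temp directory, hidden GUID-named Task Scheduler jobs, and crash events for an executable in Temp, and renders the flagged lines in the :OTL fix format shown in this post. The sample lines are constructed in the format of the posted log; the first benign updater entry is made up.

```python
"""Triage helper for OTL-style log lines (added example; not the thread's
content and not part of the OTL tool). Flags the indicator types the helper
acted on above: Run entries with random-looking names pointing into Temp,
hidden GUID-named Task Scheduler jobs, and crash events for an .exe in Temp."""
import re
from dataclasses import dataclass

# Constructed sample in the format of the posted OTL log. The first O4 line is
# a made-up benign entry; the remaining lines mirror indicators from the thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp.)
O4 - HKU\S-1-5-21-1410707162-3903787834-214492373-1001..\Run: [M5T8QL3YW3] C:\Users\Simone\AppData\Local\Temp\Qll.exe File not found
[2010.06.16 20:37:12 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.16 20:36:56 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.16 20:24:11 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\Driver Fetch.job
[2010.06.15 03:31:43 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410707162-3903787834-214492373-1001Core.job
Error - 16.06.2010 14:38:38 | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Qlk.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c06312c  Ausnahmecode: 0xc0000005  Pfad der fehlerhaften
 Anwendung: C:\Users\Simone\AppData\Local\Temp\Qlk.exe  Pfad des fehlerhaften Moduls:
"""

# "O4 - <hive>..\Run: [<value name>] <target> (<company>)" or "... File not found"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+?)"
    r"(?: \((?P<company>[^)]*)\))?(?: File not found)?$")
# "[<timestamp> | <size> | <attrs> | C|M] (<company>) -- <path>"
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# German Application Error event text: "Pfad der fehlerhaften Anwendung: <path>"
EVENT_RE = re.compile(r"Pfad der fehlerhaften\s+Anwendung:\s*(?P<path>[A-Za-z]:\\.*?\.exe)")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
GUID_JOB_RE = re.compile(r"\\Windows\\tasks\\\{[0-9A-Fa-f-]{36}\}\.job$", re.IGNORECASE)


@dataclass
class Finding:
    line: str            # the (unwrapped) log line that triggered the finding
    reason: str
    fixable: bool = True  # False for evidence-only lines (event log entries)


def join_wrapped(text):
    """OTL wraps long event descriptions onto continuation lines that start
    with a space; glue those back onto the line they belong to."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines


def looks_random(name):
    """Value names like M5T8QL3YW3: 8+ upper-case letters/digits, both present."""
    return (re.fullmatch(r"[A-Z0-9]{8,}", name) is not None
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage(log_text):
    findings = []
    for line in join_wrapped(log_text):
        m = O4_RE.match(line)
        if m:
            reasons = []
            if TEMP_RE.search(m["target"]):
                reasons.append("autostart target lives in a Temp directory")
            if looks_random(m["name"]):
                reasons.append("random-looking Run value name")
            if reasons:
                findings.append(Finding(line, "; ".join(reasons)))
            continue
        m = FILE_RE.match(line)
        if m:
            # Hidden .job files with GUID names, created minutes apart, are the
            # pattern removed in the fix above.
            if GUID_JOB_RE.search(m["path"]) and "H" in m["attrs"]:
                findings.append(Finding(line, "hidden GUID-named Task Scheduler job"))
            continue
        m = EVENT_RE.search(line)
        if m and TEMP_RE.search(m["path"]):
            findings.append(Finding(line, "application crashed from Temp: " + m["path"],
                                    fixable=False))
    return findings


def fix_script(findings):
    """Render flagged lines in the :OTL fix format used in the post above;
    the [emptytemp] step then clears the Temp directory the dropper lives in."""
    body = [f.line for f in findings if f.fixable]
    return "\n".join([":OTL", *body, ":Commands", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason}\n    {f.line}")
    print(fix_script(found))
```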

20.06.2010, 20:59   #8
angelbaby



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1410707162-3903787834-214492373-1001\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Simone
->Flash cache emptied: 4269 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Simone
->Temp folder emptied: 53384179 bytes
->Temporary Internet Files folder emptied: 17443759 bytes
->Java cache emptied: 5396 bytes
->FireFox cache emptied: 45944251 bytes
->Google Chrome cache emptied: 351053133 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4013022 bytes
RecycleBin emptied: 1863 bytes

Total Files Cleaned = 450,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06202010_214449

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...





After the restart my Comodo blocked this QLK exe again???
Is it still there, then??




Picture in full size...
hxxp://www.bilder-speicher.de/10062022870763.gratis-foto-hosting-page.html

Edited by angelbaby (20.06.2010 at 21:07) Reason: insert picture

21.06.2010, 07:51   #9
angelbaby



Guten Morgen


Leider Will diese QLK exe noch immer starten sie hat auch namen qll und qlk...

Ich weiß nun nicht was ich machen soll...

Avast hab ich Deinstalliert. wie von euch gesagt .


Lg angelbaby

Alt 21.06.2010, 11:48   #10
markusg
/// Malware-holic

Comodo keeps reporting QLK.exe.. run in sandbox (I think it's a virus)

yeah, one moment, one moment
please create and post a combofix log.
A guide and tutorial on using ComboFix

Alt 21.06.2010, 14:43   #11
angelbaby

Comodo keeps reporting QLK.exe.. run in sandbox (I think it's a virus)

I tried to install this program following the instructions at the link.

It won't install: installation failed .. even when I right-click it and choose run as admin .. I even had to turn Comodo off because Comodo had treated the file as a virus ..

I just got an error message.

It says: Warning, it is not safe to continue !!

The content of the ComboFix application package has been compressed, please download a fresh version from
then there is a link

NB You might be infected with a virus that modifies or infects files, "Virut"

Edited by angelbaby (21.06.2010 at 14:46) Reason: add info

Alt 21.06.2010, 14:46   #12
markusg
/// Malware-holic

Comodo keeps reporting QLK.exe.. run in sandbox (I think it's a virus)

you tried to run combofix, or what?
can you try it in safe mode? usually you press the F8 key when the pc starts and choose safe mode. if that doesn't work, first give the exact error message.

Alt 21.06.2010, 14:55   #13
angelbaby

Comodo keeps reporting QLK.exe.. run in sandbox (I think it's a virus)

ok, I'll report back once I have tried it in safe mode

Alt 21.06.2010, 15:24   #14
angelbaby

Comodo keeps reporting QLK.exe.. run in sandbox (I think it's a virus)

In safe mode everything was ok; it started Combofix normally.

Combofix logfile:
Code:
ComboFix 10-06-20.06 - Simone 21.06.2010  16:03:16.1.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1033.18.1013.541 [GMT 2:00]
ausgeführt von:: c:\users\Simone\Downloads\ComboFix.exe
.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-21 bis 2010-06-21  ))))))))))))))))))))))))))))))
.

2010-06-21 14:11 . 2010-06-21 14:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-21 14:01 . 2010-06-21 14:01	--------	d-----w-	C:\32788R22FWJFW
2010-06-20 19:44 . 2010-06-20 19:44	--------	d-----w-	C:\_OTL
2010-06-19 13:33 . 2010-06-19 13:33	--------	d-----w-	c:\programdata\Alwil Software
2010-06-19 13:33 . 2010-06-19 13:33	--------	d-----w-	c:\program files\Alwil Software
2010-06-18 23:34 . 2009-07-14 01:19	245328	----a-w-	c:\windows\system32\drivers\volsnap.sys
2010-06-17 21:15 . 2010-06-17 21:15	--------	d-----w-	c:\users\Simone\AppData\Local\COMODO
2010-06-17 19:07 . 2010-06-17 19:09	--------	d-----w-	c:\program files\REALTEK RTL8187SE Wireless LAN Driver
2010-06-17 19:07 . 2009-02-05 00:49	451072	----a-w-	c:\windows\system32\ISSRemoveSP.exe
2010-06-17 16:14 . 2010-06-17 16:14	1	----a-w-	c:\users\Simone\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-17 16:14 . 2010-06-17 16:14	--------	d-----w-	c:\users\Simone\AppData\Roaming\OpenOffice.org
2010-06-16 20:37 . 2010-06-16 20:39	--------	d-----w-	c:\users\Simone\AppData\Local\Adobe
2010-06-16 20:03 . 2009-09-10 05:52	257024	----a-w-	c:\windows\system32\msv1_0.dll
2010-06-16 19:32 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2010-06-16 19:12 . 2010-06-17 19:03	--------	d--h--w-	c:\program files\Temp
2010-06-16 18:56 . 2010-06-16 18:56	--------	d-----w-	c:\windows\system32\Lang
2010-06-16 18:56 . 2009-10-19 13:57	1002008	----a-w-	c:\windows\system32\igxpun.exe
2010-06-16 18:23 . 2009-12-13 09:30	641536	----a-w-	c:\windows\system32\CPFilters.dll
2010-06-16 18:23 . 2009-12-13 09:29	417792	----a-w-	c:\windows\system32\msdri.dll
2010-06-16 18:23 . 2009-12-13 09:30	465408	----a-w-	c:\windows\system32\psisdecd.dll
2010-06-16 18:23 . 2009-09-26 05:58	194488	----a-w-	c:\windows\system32\drivers\fvevol.sys
2010-06-16 18:23 . 2009-10-31 05:45	2614272	----a-w-	c:\windows\explorer.exe
2010-06-16 18:23 . 2009-10-28 06:17	285696	----a-w-	c:\windows\system32\winlogon.exe
2010-06-16 18:20 . 2010-01-18 23:29	365568	----a-w-	c:\windows\system32\secproc_isv.dll
2010-06-16 18:20 . 2010-01-18 23:29	369152	----a-w-	c:\windows\system32\secproc.dll
2010-06-16 18:20 . 2010-01-18 23:29	85504	----a-w-	c:\windows\system32\secproc_ssp_isv.dll
2010-06-16 18:20 . 2010-01-18 23:28	324608	----a-w-	c:\windows\system32\RMActivate_isv.exe
2010-06-16 18:20 . 2010-01-18 23:28	320512	----a-w-	c:\windows\system32\RMActivate.exe
2010-06-16 18:20 . 2010-01-18 23:29	85504	----a-w-	c:\windows\system32\secproc_ssp.dll
2010-06-16 18:20 . 2010-01-18 23:28	277504	----a-w-	c:\windows\system32\RMActivate_ssp_isv.exe
2010-06-16 18:20 . 2010-01-18 23:28	280064	----a-w-	c:\windows\system32\RMActivate_ssp.exe
2010-06-16 18:20 . 2010-05-27 07:24	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-06-16 18:20 . 2010-05-27 03:49	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-06-16 18:20 . 2009-10-19 14:10	70656	----a-w-	c:\windows\system32\fontsub.dll
2010-06-15 14:15 . 2010-06-20 21:19	--------	d-----w-	c:\users\Simone\Tracing
2010-06-15 14:09 . 2010-06-15 14:09	--------	d-----w-	c:\program files\Microsoft
2010-06-15 14:08 . 2010-06-15 14:08	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-06-15 14:07 . 2010-06-15 14:08	--------	d-----w-	c:\program files\Windows Live
2010-06-15 14:06 . 2010-06-15 14:06	--------	d-----w-	c:\windows\PCHEALTH
2010-06-15 14:04 . 2010-06-15 14:04	--------	d-----w-	c:\program files\Common Files\Windows Live
2010-06-15 11:50 . 2010-06-15 11:50	--------	d-----w-	c:\programdata\CyberLink
2010-06-15 10:58 . 2010-06-15 10:58	--------	d-----w-	c:\users\Simone\AppData\Local\Toshiba
2010-06-15 10:54 . 2010-06-15 10:54	--------	d-----w-	c:\program files\Synaptics
2010-06-15 10:50 . 2010-06-15 10:50	--------	d-----w-	c:\program files\Toshiba
2010-06-15 10:48 . 2010-06-15 10:48	--------	d-----w-	c:\users\Simone\AppData\Roaming\InstallShield
2010-06-15 10:48 . 2010-06-15 01:11	--------	d-----w-	c:\windows\Panther
2010-06-15 10:46 . 2010-06-15 10:46	--------	d-----w-	c:\users\Simone\AppData\Roaming\SRSCPL
2010-06-15 10:46 . 2010-06-15 10:46	--------	d-----w-	c:\program files\SRS Labs
2010-06-15 10:40 . 2010-06-15 10:40	319456	----a-w-	c:\windows\DIFxAPI.dll
2010-06-15 10:40 . 2010-06-15 09:33	2333728	----a-w-	c:\windows\system32\RtkAPO.dll
2010-06-15 10:40 . 2010-06-15 09:33	67072	----a-w-	c:\windows\system32\DaisyWrp.dll
2010-06-15 10:37 . 2010-06-15 10:37	--------	d-----w-	C:\VritualRoot
2010-06-15 10:33 . 2010-06-15 10:33	--------	d-----w-	c:\program files\BIOSUPDATE
2010-06-15 10:30 . 2008-04-03 15:38	15232	----a-w-	c:\windows\system32\drivers\Ndisipo.sys
2010-06-15 10:30 . 2010-06-15 10:30	--------	d-----w-	c:\program files\LG Software
2010-06-15 10:27 . 2010-06-15 10:27	--------	d-----w-	C:\Intel
2010-06-15 10:27 . 2010-06-17 19:07	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-15 10:25 . 2010-06-15 10:27	--------	d-----w-	c:\program files\CyberLink
2010-06-15 10:24 . 2010-06-15 10:23	36864	----a-w-	c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2010-06-15 10:07 . 2009-11-26 10:15	--------	d-----w-	c:\program files\Windows 7 Loader 1.7.7 by Daz
2010-06-15 07:35 . 2010-06-15 14:08	--------	d-----w-	c:\users\Simone\AppData\Local\Microsoft Games
2010-06-15 01:55 . 2010-06-15 01:55	--------	d-----w-	c:\users\Simone\AppData\Local\Mozilla
2010-06-15 01:53 . 2010-06-15 01:54	--------	d-----w-	c:\programdata\COMODO
2010-06-15 01:52 . 2010-06-21 13:59	1474832	----a-w-	c:\windows\system32\drivers\sfi.dat
2010-06-15 01:50 . 2010-06-15 01:50	--------	d-----w-	c:\program files\COMODO
2010-06-15 01:49 . 2010-06-15 01:49	--------	d-----w-	c:\programdata\Comodo Downloader
2010-06-15 01:46 . 2010-05-21 12:14	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-06-15 01:45 . 2009-09-04 15:29	1892184	----a-w-	c:\windows\system32\D3DX9_42.dll
2010-06-15 01:45 . 2006-09-28 14:05	2414360	----a-w-	c:\windows\system32\d3dx9_31.dll
2010-06-15 01:44 . 2010-06-15 01:44	--------	d-----w-	c:\program files\Winamp Detect
2010-06-15 01:44 . 2010-06-15 01:44	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-06-15 01:44 . 2010-06-20 21:23	--------	d-----w-	c:\users\Simone\AppData\Roaming\Winamp
2010-06-15 01:44 . 2010-06-15 01:45	--------	d-----w-	c:\program files\Winamp
2010-06-15 01:44 . 2010-06-15 01:44	--------	d-----w-	c:\program files\Common Files\Java
2010-06-15 01:43 . 2010-06-15 01:43	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-06-15 01:43 . 2010-06-15 01:43	--------	d-----w-	c:\program files\Java
2010-06-15 01:42 . 2010-06-15 01:42	--------	d-----w-	c:\windows\system32\Macromed
2010-06-15 01:42 . 2010-06-15 01:42	--------	d-----w-	c:\program files\CCleaner
2010-06-15 01:40 . 2010-06-15 01:41	--------	d-----w-	c:\program files\Common Files\Adobe
2010-06-15 01:36 . 2010-06-15 01:37	--------	d-----w-	c:\program files\OpenOffice.org 3
2010-06-15 01:35 . 2010-06-19 13:35	--------	d-sh--w-	c:\windows\Installer
2010-06-15 01:31 . 2010-06-15 01:32	--------	d-----w-	c:\users\Simone\AppData\Local\Google
2010-06-15 01:31 . 2010-06-15 07:35	62952	----a-w-	c:\users\Simone\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-15 01:31 . 2010-06-15 01:31	--------	d-----w-	c:\users\Simone\AppData\Local\Deployment
2010-06-15 01:31 . 2010-06-15 01:31	--------	d-----w-	c:\users\Simone\AppData\Local\Apps
2010-06-15 01:24 . 2010-06-17 17:38	643866	----a-w-	c:\windows\system32\perfh007.dat
2010-06-15 01:24 . 2010-06-17 17:38	126394	----a-w-	c:\windows\system32\perfc007.dat
2010-06-15 01:24 . 2010-06-15 01:22	38104	----a-w-	c:\windows\system32\perfd007.dat
2010-06-15 01:24 . 2010-06-15 01:22	295922	----a-w-	c:\windows\system32\perfi007.dat
2010-06-15 01:23 . 2010-06-15 01:23	--------	d-----w-	c:\windows\de-DE
2010-06-15 01:23 . 2010-06-15 01:23	--------	d-----w-	c:\windows\system32\XPSViewer
2010-06-15 01:23 . 2010-06-15 01:23	--------	d-----w-	c:\windows\system32\0407
2010-06-15 01:23 . 2010-06-15 01:23	--------	d-----w-	c:\windows\system32\drivers\de-DE
2010-06-15 01:23 . 2010-06-15 01:23	--------	d-----w-	c:\windows\system32\de
2010-06-15 01:23 . 2010-06-15 01:23	--------	d-----w-	c:\windows\system32\wbem\de-DE
2010-06-15 01:23 . 2010-06-15 01:23	--------	d-----w-	c:\windows\system32\Spool\prtprocs\w32x86\de-DE
2010-06-15 01:13 . 2010-06-15 11:44	--------	d-----w-	c:\users\Simone\AppData\Local\VirtualStore
2010-06-15 01:11 . 2010-06-17 17:38	--------	d-----w-	c:\windows\system32\wbem\Performance
2010-06-15 01:09 . 2009-12-29 06:55	172032	----a-w-	c:\windows\system32\wintrust.dll
2010-06-15 01:09 . 2010-01-09 06:52	132608	----a-w-	c:\windows\system32\cabview.dll
2010-06-15 01:08 . 2010-06-15 01:08	--------	d-----w-	C:\Recovery
2010-06-04 09:55 . 2010-06-04 09:55	224240	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 17:00 . 2010-06-01 17:00	278288	----a-w-	c:\windows\system32\guard32.dll
2010-06-01 17:00 . 2010-06-01 17:00	75944	----a-w-	c:\windows\system32\drivers\inspect.sys
2010-06-01 17:00 . 2010-06-01 17:00	30112	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 17:00 . 2010-06-01 17:00	16744	----a-w-	c:\windows\system32\drivers\cmderd.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 15:01 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-06-15 10:54 . 2010-06-15 10:54	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-06-15 01:23 . 2009-07-14 04:52	--------	d-----w-	c:\program files\Windows Sidebar
2010-06-15 01:23 . 2009-07-14 07:50	--------	d-----w-	c:\program files\Windows Journal
2010-06-15 01:23 . 2009-07-14 04:52	--------	d-----w-	c:\program files\Windows Photo Viewer
2010-06-15 01:23 . 2009-07-14 04:52	--------	d-----w-	c:\program files\DVD Maker
2010-06-15 01:23 . 2009-07-14 04:52	--------	d-----w-	c:\program files\Windows Defender
2010-06-15 01:22 . 2010-06-15 01:23	38104	----a-w-	c:\windows\inf\PERFLIB\0407\perfd.dat
2010-06-15 01:22 . 2010-06-15 01:23	38104	----a-w-	c:\windows\inf\PERFLIB\0407\perfc.dat
2010-06-15 01:22 . 2010-06-15 01:23	295922	----a-w-	c:\windows\inf\PERFLIB\0407\perfi.dat
2010-06-15 01:22 . 2010-06-15 01:23	295922	----a-w-	c:\windows\inf\PERFLIB\0407\perfh.dat
2010-06-15 00:55 . 2010-06-15 00:55	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-21 05:18 . 2010-06-16 18:21	977920	----a-w-	c:\windows\system32\wininet.dll
2010-05-01 14:49 . 2010-06-16 18:22	2326528	----a-w-	c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-06-16 18:21	2048	----a-w-	c:\windows\system32\tzres.dll
2010-04-16 20:12 . 2010-04-16 20:12	48464	----a-w-	c:\windows\system32\sirenacm.dll
2010-03-24 18:17 . 2010-03-24 08:04	952768	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\27901\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04	952768	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\1887\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04	70584	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\27901\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04	70584	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\1887\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04	326056	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\27901\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04	326056	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\27901\AcrobatUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04	326056	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\1887\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04	326056	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\1887\AcrobatUpdater.exe
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Simone\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-15 136176]
"SRSTrayApp"="c:\program files\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe" [2008-09-05 241664]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-08 1033512]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe [2008-09-05 69632]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\wowfilter.sys [2008-09-05 22528]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2010-06-01 16744]

.
Inhalt des "geplante Tasks" Ordners

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410707162-3903787834-214492373-1001Core.job
- c:\users\Simone\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-15 01:31]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410707162-3903787834-214492373-1001UA.job
- c:\users\Simone\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-15 01:31]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\zdv0nex9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Simone\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(736)
c:\windows\system32\TosBtExt.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
.
Zeit der Fertigstellung: 2010-06-21  16:17:04
ComboFix-quarantined-files.txt  2010-06-21 14:17

Vor Suchlauf: 8 Verzeichnis(se), 39.450.533.888 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 39.303.475.200 Bytes frei

- - End Of File - - 93261063A154CE74BB558C14AAC6A376

Alt 21.06.2010, 15:41   #15
markusg
/// Malware-holic

Comodo keeps reporting QLK.exe.. run in sandbox (I think it's a virus)

download malwarebytes:
Malwarebytes
install it, open it, go to the update tab and update the program. then the scanner tab, full scan, delete the findings, post the log.
