Pests of all kinds and how to fight them: MS Removal Tool (Windows 7)

#1 | Banned | MS Removal Tool

Hello everyone, first the Malwarebytes log:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6333
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
11.04.2011 17:28:56
mbam-log-2011-04-11 (17-28-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 112686
Laufzeit: 17 Minute(n), 15 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hIj28258lHaFl28258 (Rogue.MSRemovalTool) -> Value: hIj28258lHaFl28258 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\programdata\hij28258lhafl28258\hij28258lhafl28258.exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\33A6.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\686t20g1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\6ntecle7.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\7cc2opx4.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\9iyywc9v.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\aysdte0o.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\j5pepkrl.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\kf1khc1s.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\pnakgqu0.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\qtpd76jb.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\v7tt5gb1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3\11cfa543-3992d1eb (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc24452392.txt (Trojan.Hiloti) -> Quarantined and deleted successfully.
OTL logfile:

Code:
OTL logfile created on: 11.04.2011 17:32:43 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\*\Voreingestellte Ordner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 441,46 Gb Free Space | 76,62% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,84 Gb Free Space | 44,23% Space Free | Partition Type: FAT32
Drive H: | 2,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 3,73 Gb Total Space | 0,54 Gb Free Space | 14,44% Space Free | Partition Type: FAT32

Computer Name: *-PCMENG | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\*\Voreingestellte Ordner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\*\Voreingestellte Ordner\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (TVGOnlineUpdateSvc) -- C:\Programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe ()
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (Advanced Micro Devices, Inc)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi-sued.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi-sued.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.test-wasser.de/piwik/index.php?module=CoreHome&action=index&date=2010-08-03&period=day&idSite=40
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61838

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: seostatus@rubyweb:1.5.7
FF - prefs.js..extensions.enabledItems: webrank-toolbar@probcomp.com:3.1
FF - prefs.js..extensions.enabledItems: {D73AD7EE-96ED-49B4-A9B7-DD94F154813D}:1.9.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=18e19fc0000000000000bc05430013f4&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.11 15:34:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.11 15:34:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.08 17:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()

[2010.07.21 09:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2010.07.21 09:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.11 17:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions
[2010.07.27 10:04:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.30 10:03:41 | 000,000,000 | ---D | M] (SEO Status PageRank/Alexa Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions\seostatus@rubyweb
[2010.08.30 10:05:24 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions\webrank-toolbar@probcomp.com
[2011.04.11 15:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.04 08:47:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.09.03 15:49:32 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.09.03 15:49:33 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2011.04.11 14:14:26 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\*\APPDATA\LOCAL\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}
[2009.05.30 01:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Programme\Mozilla Firefox\plugins\NPCltInstall.dll
[2011.04.11 15:34:05 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.11 15:34:05 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.11 15:34:06 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.11 15:34:06 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.11 15:34:06 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\*\AppData\Local\Apps\2.0\HD0Z4920.JG8\7Y9M4GYD.9C7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [STAMPIT-Tray] C:\Programme\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.02.03 11:27:41 | 000,000,040 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0535049c-43ce-11e0-a48e-0025d325465b}\Shell - "" = AutoRun
O33 - MountPoints2\{0535049c-43ce-11e0-a48e-0025d325465b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{053504a0-43ce-11e0-a48e-0025d325465b}\Shell - "" = AutoRun
O33 - MountPoints2\{053504a0-43ce-11e0-a48e-0025d325465b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{278250a3-96ad-11de-a7bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{278250a3-96ad-11de-a7bd-806e6f6e6963}\Shell\AutoRun\command - "" = H:\menue.exe -- [2008.08.11 17:42:26 | 000,160,536 | R--- | M] ()
O33 - MountPoints2\{3ed125c6-ca9b-11de-bd94-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{3ed125c6-ca9b-11de-bd94-002421b68ec4}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{3ed125d0-ca9b-11de-bd94-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{3ed125d0-ca9b-11de-bd94-002421b68ec4}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{79f034ae-96b0-11de-b545-0025d325465b}\Shell - "" = AutoRun
O33 - MountPoints2\{79f034ae-96b0-11de-b545-0025d325465b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{8c30e776-13f3-11e0-9441-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c30e776-13f3-11e0-9441-002421b68ec4}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{d836128d-4337-11e0-b354-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{d836128d-4337-11e0-b354-002421b68ec4}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{dfffc733-7520-11df-9f36-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{dfffc733-7520-11df-9f36-002421b68ec4}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.11 16:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011.04.11 16:48:06 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2011.04.11 16:05:02 | 017,733,592 | ---- | C] (GridinSoft, Inc. ) -- C:\Users\*\Voreingestellte Ordner\Desktop\trojankiller2092-setup.exe
[2011.04.11 15:58:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.11 14:34:10 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.11 14:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.11 14:33:36 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Users\*\Voreingestellte Ordner\Desktop\ccsetup305_1409.exe
[2011.04.11 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2011.04.11 14:32:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.11 14:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.11 14:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.11 14:32:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.11 14:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.11 14:31:54 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\*\Voreingestellte Ordner\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.11 14:30:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.04.11 14:14:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}
[2011.04.11 14:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\hIj28258lHaFl28258
[2011.04.08 07:50:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DasTelefonbuch Gelbe Seiten Map&Route
[2011.04.08 07:50:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TVG
[2011.04.08 07:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DasTelefonbuch Gelbe Seiten Map & Route
[2011.04.08 07:45:53 | 000,000,000 | ---D | C] -- C:\Programme\TVG
[2011.03.30 10:52:19 | 000,000,000 | ---D | C] -- C:\Users\*\Voreingestellte Ordner\Desktop\Ciao.it
[2011.03.29 09:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011.03.29 08:48:45 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Corel
[2011.03.29 08:48:26 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Visual Studio 2008
[2011.03.29 08:46:22 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2011.03.29 08:46:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 9.0
[2011.03.29 08:43:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Protexis
[2011.03.29 08:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
[2011.03.29 08:36:04 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2011.03.23 09:04:15 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 09:04:15 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.22 11:59:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\CyberLink
[2011.03.22 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\*\Voreingestellte Ordner\Desktop\gynefix2011
[2011.03.18 15:00:50 | 000,000,000 | ---D | C] -- C:\tmp

========== Files - Modified Within 30 Days ==========

[2011.04.11 17:16:37 | 000,638,224 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.11 17:16:37 | 000,604,154 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.11 17:16:37 | 000,130,634 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.11 17:16:37 | 000,107,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.11 17:09:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.11 16:58:42 | 243,748,103 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.11 16:52:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.11 16:52:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.11 16:52:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.11 16:48:09 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011.04.11 16:37:47 | 000,404,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.11 16:25:49 | 000,001,356 | ---- | M] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2011.04.11 16:05:15 | 017,733,592 | ---- | M] (GridinSoft, Inc. ) -- C:\Users\*\Voreingestellte Ordner\Desktop\trojankiller2092-setup.exe
[2011.04.11 15:25:02 | 000,000,130 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\hosts-perm.bat
[2011.04.11 15:20:56 | 001,006,778 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\eXplorer.exe
[2011.04.11 14:45:10 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.11 14:36:42 | 000,002,736 | ---- | M] () -- C:\Users\*\AppData\Roaming\CD06.5F3
[2011.04.11 14:32:31 | 000,012,800 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.11 14:28:28 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Users\*\Voreingestellte Ordner\Desktop\ccsetup305_1409.exe
[2011.04.11 14:27:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\*\Voreingestellte Ordner\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.11 14:14:27 | 000,000,120 | ---- | M] () -- C:\Users\*\AppData\Local\Yyikodusexuy.dat
[2011.04.11 14:14:27 | 000,000,000 | ---- | M] () -- C:\Users\*\AppData\Local\Cmamevub.bin
[2011.04.11 14:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.08 07:49:27 | 000,001,432 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeManager Terminerinnerung.lnk
[2011.04.01 14:28:52 | 000,005,983 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\PM Haarmineralanalyse Apotheker-1.odt
[2011.04.01 14:28:30 | 000,006,457 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Haarmineralanalyse PM Endkunde.odt
[2011.04.01 08:46:37 | 000,157,773 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung eMedical.pdf
[2011.04.01 08:46:24 | 000,157,765 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung DHB.pdf
[2011.03.21 11:26:41 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

========== Files Created - No Company Name ==========

[2011.04.11 16:48:09 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011.04.11 15:35:55 | 000,000,130 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\hosts-perm.bat
[2011.04.11 15:26:19 | 001,006,778 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\eXplorer.exe
[2011.04.11 14:48:48 | 243,748,103 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.11 14:14:27 | 000,000,120 | ---- | C] () -- C:\Users\*\AppData\Local\Yyikodusexuy.dat
[2011.04.11 14:14:27 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Local\Cmamevub.bin
[2011.04.11 14:12:36 | 000,002,736 | ---- | C] () -- C:\Users\*\AppData\Roaming\CD06.5F3
[2011.04.08 07:49:27 | 000,001,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeManager Terminerinnerung.lnk
[2011.04.01 14:28:51 | 000,005,983 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\PM Haarmineralanalyse Apotheker-1.odt
[2011.04.01 14:28:29 | 000,006,457 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Haarmineralanalyse PM Endkunde.odt
[2011.04.01 08:46:36 | 000,157,773 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung eMedical.pdf
[2011.04.01 08:46:24 | 000,157,765 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung DHB.pdf
[2011.02.22 09:20:09 | 000,000,293 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.02.07 13:31:06 | 000,001,356 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2010.10.25 13:07:38 | 000,000,055 | ---- | C] () -- C:\Users\*\AppData\Roaming\tigersetting.dll
[2010.10.21 15:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.10.15 16:36:49 | 000,000,701 | ---- | C] () -- C:\Users\*\AppData\Roaming\init.dll
[2010.10.15 16:36:49 | 000,000,006 | ---- | C] () -- C:\Users\*\AppData\Roaming\SYSTEM32.dll
[2010.10.15 16:36:47 | 000,000,701 | ---- | C] () -- C:\Users\*\AppData\Roaming\sound.dll
[2010.10.15 16:35:53 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2010.06.11 11:57:08 | 000,024,456 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2010.06.11 11:57:06 | 000,052,616 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2010.06.11 11:57:06 | 000,022,920 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2010.06.11 11:56:58 | 000,255,368 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2010.06.11 11:56:54 | 000,075,656 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2010.05.11 09:35:41 | 001,503,232 | ---- | C] () -- C:\Windows\System32\ptj.exe
[2010.05.11 09:35:41 | 001,103,360 | ---- | C] () -- C:\Windows\System32\cidfont.dll
[2010.05.11 09:35:39 | 004,369,408 | ---- | C] () -- C:\Windows\System32\pdftk.exe
[2010.05.11 09:35:39 | 000,235,008 | ---- | C] () -- C:\Windows\System32\office.exe
[2010.04.19 14:59:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.04.19 14:59:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.09.22 11:05:36 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
[2009.09.22 11:05:35 | 000,352,256 | ---- | C] () -- C:\Windows\System32\zSHP2600.EXE
[2009.09.03 15:49:10 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.09.03 15:14:32 | 000,000,819 | ---- | C] () --
C:\Windows\Brpfx04a.ini [2009.09.03 15:14:32 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini [2009.09.03 15:13:36 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2009.09.03 15:13:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2009.09.03 15:13:35 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2009.09.01 11:09:15 | 000,012,800 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.01 07:16:57 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini [2009.09.01 07:16:56 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll [2009.09.01 07:16:56 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini [2009.09.01 06:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.09.01 06:55:13 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.09.01 06:55:11 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7320.DAT [2009.09.01 06:46:22 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2009.06.19 13:31:04 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2009.06.19 13:16:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.06.02 13:38:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.02 13:38:44 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2009.06.02 13:38:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.29 03:14:19 | 000,638,224 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.05.29 03:14:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.05.29 03:14:19 | 000,130,634 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.05.29 03:14:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.05.28 17:53:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.05.16 05:22:50 | 000,159,744 | ---- | C] () -- 
C:\Windows\System32\atitmmxx.dll [2009.04.23 21:04:54 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.02.18 19:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.02.03 22:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2008.07.09 17:23:10 | 000,042,296 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL [2008.07.09 17:23:06 | 000,050,488 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL [2008.02.21 00:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll [2007.06.27 08:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGISSI.DLL [2007.06.27 08:00:00 | 000,299,008 | ---- | C] () -- C:\Windows\System32\ZHHP2600.EXE [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,404,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,154 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,486 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI ========== LOP Check ========== [2011.04.01 09:35:28 | 000,000,000 | ---D | M] -- 
C:\Users\*\AppData\Roaming\Babylon [2011.04.08 07:50:32 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch Gelbe Seiten Map&Route [2009.10.16 10:52:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route [2011.02.22 12:09:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Lexware [2009.09.22 13:36:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PC-FAX TX [2010.06.10 08:38:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc [2010.07.21 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird [2009.10.16 10:52:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG [2011.02.28 15:17:55 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\XSManager [2010.10.25 13:07:58 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\YCanPDF [2011.04.11 15:22:31 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL 2 Extras: Code:
ATTFilter OTL Extras logfile created on: 11.04.2011 17:32:43 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\*\Voreingestellte Ordner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 441,46 Gb Free Space | 76,62% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,84 Gb Free Space | 44,23% Space Free | Partition Type: FAT32
Drive H: | 2,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 3,73 Gb Total Space | 0,54 Gb Free Space | 14,44% Space Free | Partition Type: FAT32
Computer Name: *-PCMENG | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02168D5F-1DC9-408B-BBD6-15413069EFA8}" = rport=445 | protocol=6 | dir=out | app=system |
"{1816C5C5-8724-4346-BE7B-D6AD9BF9783F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19D52958-82A0-49E5-A7D0-5B0ABB4D9BD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{26ACDBF9-3F62-4039-88EE-BB5085D2F88B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2D24BB1B-45DA-427F-8BB2-57038C6114AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{34394ECB-55D8-4365-9217-E4615BEACF8E}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{43A7A43F-31CC-44BD-9190-A147717D727B}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B3F1AB2-BB23-4042-96C6-A476F18F9B87}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5B6389CA-35AB-473D-92B9-89C2E6EAA4C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DD9E58C-BBAA-4553-BC4D-4DD0B2713C49}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7D00B4AD-588A-436A-8B79-12425B3025ED}" = lport=139 | protocol=6 | dir=in | app=system |
"{8AC15729-7F19-4013-BC6E-CBD771A9C5CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{8C5D1BC5-9FB9-4276-A322-4923AEF199A4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{CEF1FEEE-D5DE-40AD-9C0E-44071CE655F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2E63D72-AF82-42DC-A99B-3E929AECE6FF}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA29240B-DAAF-4C2F-85B3-BC5D63B1B76A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF2F699D-4D4C-4048-9648-E8AD9AE80A21}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E79498D0-5688-47EF-8A90-E78CADFE044B}" = lport=137 | protocol=17 | dir=in | app=system |
"{E8C1978F-99EE-4385-937A-91DAEAD737F1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FBB36426-C494-4349-9A18-F4FB5AD91145}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD64E035-E3FB-4751-874E-54DB333A668C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FF648C95-EC9A-4D63-8B34-494CB8154996}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAB2950-412F-43AE-AE84-E6C26AE11CE2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{16D6CCB1-153E-4A96-8B18-4BE302EB0109}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{2305097D-4A25-4280-A20C-87D64AF4DA12}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{330176FD-B388-4FED-BDAB-7756D5024EEB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4074D7CD-E6F8-4492-BC0D-24849B906F80}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{7A37DCB4-3FB8-4963-85A7-D58CD1A69961}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe |
"{84D28370-5E88-4676-9B18-F30073B5AFBC}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe |
"{87F4EB7E-BE7A-4293-AB0F-A86DFD346F62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8FCF42BB-913C-4422-9D0D-996090DAC2C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A1EB3616-7A10-400A-A81E-7BEFD43E9CB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ADDD1838-02E6-45C4-AC41-355D4A10D5D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B31B51C3-20BD-40CA-B401-26B2FC0EAF12}" = protocol=17 | dir=in | app=c:\users\*\voreingestellte ordner\downloads\pdf_converter.exe |
"{B6F95F63-654B-4F70-889D-8D1C8DEC682E}" = protocol=6 | dir=in | app=c:\users\*\voreingestellte ordner\downloads\pdf_converter.exe |
"{BE29A264-0900-4C94-AB3B-F39194970FE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CB08819A-3E73-4FE4-8B92-34E87B635332}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D769AD58-E721-499D-8C70-BC4B15F40737}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E2FF9E75-3AE5-424D-A546-BC85DFC736D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{4FA8F3B5-A0D2-4AF9-88E7-C73082C60243}C:\program files\lan.fs\lan-fs.exe" = protocol=6 | dir=in | app=c:\program files\lan.fs\lan-fs.exe |
"TCP Query User{6BF648D6-8E76-44F8-A76C-95A1B8E2971E}C:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe |
"TCP Query User{7D451E0A-17A0-4F65-84A9-825EA2DBF2AA}H:\setup.exe" = protocol=6 | dir=in | app=h:\setup.exe |
"UDP Query User{46D0DF17-3A0C-49E5-863B-15D41DE1514A}C:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe |
"UDP Query User{B0EBE722-677E-431B-B01C-B040325BA9E5}C:\program files\lan.fs\lan-fs.exe" = protocol=17 | dir=in | app=c:\program files\lan.fs\lan-fs.exe |
"UDP Query User{CDE4E560-0E51-46BB-A448-9BF8E776FB68}H:\setup.exe" = protocol=17 | dir=in | app=h:\setup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00BADC8E-0A5A-1C41-A4C2-ADE2B26B78EF}" = CCC Help German
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1E307673-A877-89FF-78DC-14EE9B90E36D}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A0EDB2D-F27C-DFDD-C17C-F2E4B05F503D}" = CCC Help French
"{321F2647-25B9-2909-E2F4-AC2770A358B9}" = Catalyst Control Center Graphics Full New
"{3429F980-7C10-BF80-84C0-06ACF39900CD}" = ccc-utility
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{383A2E3F-A462-1C60-7627-EFA7D3B140E7}" = CCC Help Finnish
"{398ED33A-6B97-9909-B91F-7A3ADEF08BEE}" = CCC Help Norwegian
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A567E16-3E64-39BB-0C07-8083E81D56F0}" = CCC Help Spanish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C4DC88C-1C41-457C-BB14-9FAE6E3CEFBD}" = Lexware faktura+auftrag 2011
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{519EDA51-1048-2879-8005-5EF3F3EE4A99}" = CCC Help Japanese
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{5235D305-3A25-35E0-C8F4-0D07325B5449}" = CCC Help Italian
"{5383EF8A-150E-4EAB-2C1D-C3135DE70368}" = Catalyst Control Center Core Implementation
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{849EF876-F6A3-B14F-7FBE-35264E4D84A0}" = Catalyst Control Center Graphics Previews Vista
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D9E57D-73A5-4329-9888-FBBC16ED8944}_is1" = UN.CO.VER. 2.0
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FF070B4-7A62-FEB7-2673-68A58166C9D5}" = Catalyst Control Center Localization All
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1" = PDFTigerDriver
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B83AAFD3-D8DE-46CE-9351-70C21AC6704E}" = Stampit Home
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DC507BF5-66C7-B876-F564-0E60CB91D0DF}" = Catalyst Control Center Graphics Full Existing
"{DCB39D37-F1EC-EC0B-AC38-F3ECC9B5F55D}" = CCC Help Swedish
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE252510-5687-4C60-A705-C43E19F12C9D}_is1" = PDFTiger Kernel
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1CEE7F9-90EF-19B9-75DE-8F8F2AA18131}" = Catalyst Control Center Graphics Light
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5DF3476-26A4-A39E-52E1-33FFD2D7FEED}" = CCC Help Danish
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E67038A6-1745-BFC1-65D5-01D833D8E932}" = ccc-core-static
"{E7F088E0-6B7F-896B-4337-FC1617514152}" = CCC Help English
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EF3D2EED-053B-9A14-B270-B62FB987EBC5}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F98A9659-65D5-856C-A163-1304D8355F72}" = Skins
"{FBD3DDF9-38BD-4BBC-A135-A5F0DD7BA634}" = Deutsche Post Einlieferungslisten
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babylon" = Babylon
"BabylonToolbar" = Babylon toolbar
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"DasTelefonbuch Gelbe Seiten Map & Route" = DasTelefonbuch Gelbe Seiten Map & Route
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Local Area Network File Send 2_is1" = Local Area Network File Send Version 2.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"myBabylon_English Toolbar" = myBabylon English Toolbar
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"PDFTiger_is1" = PDFTiger
"Picasa 3" = Picasa 3
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"uninstall.exe" = iLinc Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"web2date" = DATA BECKER shop to date 5
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
"pdfsam" = pdfsam
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2011 09:02:01 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2011 09:15:51 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2011 09:20:04 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2011 09:21:01 | Computer Name = *-PCMeng | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11.04.2011 09:21:01 | Computer Name = *-PCMeng | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11.04.2011 11:00:19 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2011 11:00:54 | Computer Name = *-PCMeng | Source = EventSystem | ID = 4609
Description =
Error - 11.04.2011 11:10:09 | Computer Name = *-PCMeng | Source = EventSystem | ID = 4609
Description =
Error - 11.04.2011 11:10:43 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2011 11:21:52 | Computer Name = *-PCMeng | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ OSession Events ]
Error - 17.03.2011 09:23:02 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.03.2011 08:43:09 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16745
seconds with 900 seconds of active time. This session ended with a crash.
Error - 23.03.2011 08:30:28 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7922
seconds with 1080 seconds of active time. This session ended with a crash.
Error - 23.03.2011 08:31:59 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.03.2011 08:32:12 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.03.2011 08:33:16 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.03.2011 08:33:42 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.
Error - 25.03.2011 10:21:35 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 172
seconds with 60 seconds of active time. This session ended with a crash.
Error - 30.03.2011 04:54:40 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 87
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.04.2011 01:55:30 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 217
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11.04.2011 11:00:56 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:00:58 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:00:59 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:09:58 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:10:09 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:10:11 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:10:12 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:10:13 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:10:43 | Computer Name = *-PCMeng | Source = Service Control Manager | ID = 7001
Description =
Error - 11.04.2011 11:10:43 | Computer Name = *-PCMeng | Source = Service Control Manager | ID = 7026
Description =
< End of report >
#2 | /// Winkelfunktion /// TB-Süch-Tiger™ | MS Removal Tool
Are you becoming a regular here, or is this (again?) a new (different) PC?
#3 | Banned | MS Removal Tool
Hello cosinus, thank you very much for your quick reply. It is a different PC. Kind regards
#4 | /// Winkelfunktion /// TB-Süch-Tiger™ | MS Removal Tool
Are there any further Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the "Logs" tab.
Please always post log files in CODE tags
#5 | Banned | MS Removal Tool
They will follow tomorrow morning, but there will be quite a few... Right, let's get started: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5363
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
11.04.2011 14:40:57
mbam-log-2011-04-11 (14-40-57).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 175216
Laufzeit: 6 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
Infizierte Speicherprozesse:
c:\Users\*\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> 1196 -> Unloaded process successfully.
c:\Users\*\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 1260 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xkudamisab (Trojan.Agent.U) -> Value: Xkudamisab -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vpohomuraranawif (Trojan.Agent.U) -> Value: Vpohomuraranawif -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\*\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\program files\pdfforge toolbar\pdfforgetoolbarie.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\ST301V.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\omuhaqevemi.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5363
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
11.04.2011 14:54:02
mbam-log-2011-04-11 (14-54-02).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167145
Laufzeit: 3 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\*\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5363
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
11.04.2011 15:08:06
mbam-log-2011-04-11 (15-08-06).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167177
Laufzeit: 3 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6333
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
11.04.2011 17:28:56
mbam-log-2011-04-11 (17-28-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 112686
Laufzeit: 17 Minute(n), 15 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hIj28258lHaFl28258 (Rogue.MSRemovalTool) -> Value: hIj28258lHaFl28258 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\programdata\hij28258lhafl28258\hij28258lhafl28258.exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\33A6.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\686t20g1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\6ntecle7.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\7cc2opx4.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\9iyywc9v.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\aysdte0o.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\j5pepkrl.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\kf1khc1s.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\pnakgqu0.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\qtpd76jb.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\v7tt5gb1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3\11cfa543-3992d1eb (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc24452392.txt (Trojan.Hiloti) -> Quarantined and deleted successfully.
I am now running another full scan and will report back. Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6340
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
12.04.2011 09:54:17
mbam-log-2011-04-12 (09-54-17).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 358649
Laufzeit: 45 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 22
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc24446339.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc130.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc137.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc141.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc151.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc158.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc164.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc219.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc239.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc253.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc30.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc56.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc61.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc74.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc78.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc79.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc81.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc87.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc89.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\voreingestellte ordner\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
#6 | /// Winkelfunktion /// TB-Süch-Tiger™ | MS Removal Tool
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
#7 | Banned | MS Removal Tool
Hello, thank you very much for now. Here is the log: Code:
2011/04/12 12:32:17.0771 1292 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 12:32:18.0036 1292 ================================================================================
2011/04/12 12:32:18.0036 1292 SystemInfo:
2011/04/12 12:32:18.0036 1292
2011/04/12 12:32:18.0036 1292 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/12 12:32:18.0036 1292 Product type: Workstation
2011/04/12 12:32:18.0036 1292 ComputerName: *-PCMENG
2011/04/12 12:32:18.0036 1292 UserName: *
2011/04/12 12:32:18.0036 1292 Windows directory: C:\Windows
2011/04/12 12:32:18.0036 1292 System windows directory: C:\Windows
2011/04/12 12:32:18.0036 1292 Processor architecture: Intel x86
2011/04/12 12:32:18.0036 1292 Number of processors: 4
2011/04/12 12:32:18.0036 1292 Page size: 0x1000
2011/04/12 12:32:18.0036 1292 Boot type: Safe boot with network
2011/04/12 12:32:18.0036 1292 ================================================================================
2011/04/12 12:32:18.0441 1292 Initialize success
2011/04/12 12:32:25.0212 0620 ================================================================================
2011/04/12 12:32:25.0212 0620 Scan started
2011/04/12 12:32:25.0212 0620 Mode: Manual;
2011/04/12 12:32:25.0212 0620 ================================================================================
2011/04/12 12:32:26.0444 0620 ACEDRV09 (ec818aed40e3359fe49ddb1700151e56) C:\Windows\system32\drivers\ACEDRV09.sys
2011/04/12 12:32:26.0491 0620 acedrv10 (0059ff74927a27395c5e190f9aa392df) C:\Windows\system32\drivers\acedrv10.sys
2011/04/12 12:32:26.0569 0620 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
2011/04/12 12:32:26.0585 0620 acehlp10 (6625a32ad17a3fa6c7f405aeac945aa7) C:\Windows\system32\drivers\acehlp10.sys
2011/04/12 12:32:26.0694 0620 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/12 12:32:26.0756 0620 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/12 12:32:26.0787 0620 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/12 12:32:26.0834 0620 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/12 12:32:26.0850 0620 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/12 12:32:26.0928 0620 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/12 12:32:26.0959 0620 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/12 12:32:26.0990 0620 ahcix86s (03081e98c515cb838434d252f407f6e8) C:\Windows\system32\DRIVERS\ahcix86s.sys
2011/04/12 12:32:27.0021 0620 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/12 12:32:27.0084 0620 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/12 12:32:27.0146 0620 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/12 12:32:27.0177 0620 amdide (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/12 12:32:27.0224 0620 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/12 12:32:27.0240 0620 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/12 12:32:27.0287 0620 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/12 12:32:27.0333 0620 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/12 12:32:27.0380 0620 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/12 12:32:27.0411 0620 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/12 12:32:27.0552 0620 atikmdag (ec6b30e644e11d7b18382601f3f95807) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/12 12:32:27.0661 0620 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/04/12 12:32:27.0739 0620 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/12 12:32:27.0755 0620 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/12 12:32:27.0770 0620 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/12 12:32:27.0833 0620 avmaudio (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys
2011/04/12 12:32:27.0864 0620 avmaura (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaura.sys
2011/04/12 12:32:27.0911 0620 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
2011/04/12 12:32:27.0942 0620 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/12 12:32:27.0989 0620 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/12 12:32:28.0004 0620 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/12 12:32:28.0051 0620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/12 12:32:28.0067 0620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/12 12:32:28.0098 0620 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/12 12:32:28.0160 0620 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
2011/04/12 12:32:28.0191 0620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/12 12:32:28.0207 0620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/12 12:32:28.0223 0620 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
2011/04/12 12:32:28.0254 0620 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/12 12:32:28.0285 0620 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/12 12:32:28.0332 0620 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/12 12:32:28.0363 0620 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/12 12:32:28.0410 0620 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/12 12:32:28.0457 0620 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/12 12:32:28.0535 0620 cmnsusbser (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys
2011/04/12 12:32:28.0566 0620 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/04/12 12:32:28.0597 0620 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/12 12:32:28.0628 0620 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/12 12:32:28.0675 0620 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/12 12:32:28.0691 0620 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/12 12:32:28.0753 0620 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/12 12:32:28.0815 0620 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/12 12:32:28.0862 0620 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/12 12:32:28.0925 0620 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/12 12:32:28.0987 0620 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/12 12:32:29.0018 0620 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/12 12:32:29.0081 0620 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/12 12:32:29.0112 0620 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/12 12:32:29.0143 0620 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/12 12:32:29.0174 0620 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/12 12:32:29.0205 0620 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/12 12:32:29.0237 0620 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/12 12:32:29.0252 0620 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/12 12:32:29.0315 0620 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/12 12:32:29.0346 0620 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/04/12 12:32:29.0377 0620 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/12 12:32:29.0439 0620 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/04/12 12:32:29.0486 0620 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/12 12:32:29.0533 0620 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/12 12:32:29.0580 0620 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/12 12:32:29.0611 0620 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/12 12:32:29.0658 0620 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/12 12:32:29.0705 0620 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/12 12:32:29.0720 0620 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/12 12:32:29.0767 0620 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/12 12:32:29.0798 0620 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/12 12:32:29.0829 0620 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/12 12:32:29.0939 0620 IntcAzAudAddService (fd1d5f1609126831f49d6cfbb61f9ddd) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/12 12:32:30.0017 0620 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/12 12:32:30.0032 0620 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/12 12:32:30.0079 0620 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/12 12:32:30.0126 0620 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/12 12:32:30.0157 0620 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/12 12:32:30.0173 0620 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/12 12:32:30.0204 0620 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/12 12:32:30.0251 0620 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/12 12:32:30.0266 0620 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/12 12:32:30.0297 0620 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/12 12:32:30.0329 0620 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/12 12:32:30.0375 0620 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/12 12:32:30.0422 0620 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/12 12:32:30.0453 0620 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/12 12:32:30.0500 0620 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/12 12:32:30.0531 0620 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/12 12:32:30.0563 0620 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/12 12:32:30.0578 0620 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/12 12:32:30.0625 0620 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/12 12:32:30.0656 0620 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/12 12:32:30.0687 0620 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/12 12:32:30.0719 0620 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/12 12:32:30.0734 0620 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/12 12:32:30.0750 0620 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/12 12:32:30.0765 0620 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/12 12:32:30.0812 0620 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/12 12:32:30.0859 0620 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/12 12:32:30.0890 0620 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/12 12:32:30.0921 0620 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/12 12:32:30.0984 0620 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/12 12:32:30.0999 0620 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/12 12:32:31.0046 0620 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/12 12:32:31.0093 0620 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/04/12 12:32:31.0124 0620 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/12 12:32:31.0171 0620 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/12 12:32:31.0202 0620 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/12 12:32:31.0233 0620 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/12 12:32:31.0280 0620 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/12 12:32:31.0280 0620 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/12 12:32:31.0327 0620 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/12 12:32:31.0358 0620 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/12 12:32:31.0374 0620 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/12 12:32:31.0389 0620 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/12 12:32:31.0436 0620 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/12 12:32:31.0467 0620 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/12 12:32:31.0499 0620 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/12 12:32:31.0514 0620 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/12 12:32:31.0545 0620 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/12 12:32:31.0577 0620 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/12 12:32:31.0577 0620 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/12 12:32:31.0608 0620 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/12 12:32:31.0670 0620 netr28u (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
2011/04/12 12:32:31.0748 0620 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/12 12:32:31.0779 0620 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/12 12:32:31.0811 0620 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/12 12:32:31.0857 0620 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/12 12:32:31.0904 0620 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/12 12:32:31.0920 0620 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/12 12:32:31.0951 0620 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/12 12:32:31.0967 0620 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/12 12:32:32.0029 0620 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/12 12:32:32.0107 0620 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/12 12:32:32.0154 0620 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/12 12:32:32.0185 0620 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/12 12:32:32.0216 0620 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/12 12:32:32.0232 0620 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/12 12:32:32.0294 0620 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/12 12:32:32.0310 0620 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/12 12:32:32.0357 0620 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/12 12:32:32.0450 0620 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/12 12:32:32.0450 0620 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/04/12 12:32:32.0497 0620 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/12 12:32:32.0559 0620 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/12 12:32:32.0637 0620 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/12 12:32:32.0700 0620 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/12 12:32:32.0731 0620 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/12 12:32:32.0747 0620 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/12 12:32:32.0778 0620 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/12 12:32:32.0809 0620 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/12 12:32:32.0825 0620 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/12 12:32:32.0856 0620 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/12 12:32:32.0871 0620 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/12 12:32:32.0903 0620 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/12 12:32:32.0934 0620 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/12 12:32:32.0965 0620 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/12 12:32:33.0012 0620 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/12 12:32:33.0074 0620 RTHDMIAzAudService (72a5515a2031d458dd38e9336594184b) C:\Windows\system32\drivers\RtHDMIV.sys
2011/04/12 12:32:33.0121 0620 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/12 12:32:33.0137 0620 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/12 12:32:33.0183 0620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/12 12:32:33.0215 0620 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/12 12:32:33.0246 0620 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/12 12:32:33.0277 0620 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/12 12:32:33.0324 0620 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/12 12:32:33.0339 0620 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/12 12:32:33.0371 0620 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/12 12:32:33.0386 0620 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/12 12:32:33.0433 0620 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/12 12:32:33.0449 0620 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/12 12:32:33.0480 0620 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/12 12:32:33.0527 0620 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/12 12:32:33.0573 0620 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/12 12:32:33.0636 0620 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/12 12:32:33.0667 0620 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/12 12:32:33.0698 0620 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/12 12:32:33.0745 0620 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/12 12:32:33.0792 0620 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\Windows\system32\DRIVERS\ss_bus.sys
2011/04/12 12:32:33.0839 0620 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\Windows\system32\DRIVERS\ss_mdfl.sys
2011/04/12 12:32:33.0885 0620 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\Windows\system32\DRIVERS\ss_mdm.sys
2011/04/12 12:32:33.0932 0620 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/12 12:32:33.0963 0620 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/12 12:32:33.0979 0620 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/12 12:32:34.0010 0620 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/12 12:32:34.0057 0620 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
2011/04/12 12:32:34.0119 0620 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/12 12:32:34.0151 0620 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/12 12:32:34.0197 0620 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/12 12:32:34.0229 0620 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/12 12:32:34.0260 0620 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/12 12:32:34.0307 0620 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/12 12:32:34.0322 0620 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/12 12:32:34.0385 0620 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/12 12:32:34.0416 0620 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/12 12:32:34.0447 0620 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/12 12:32:34.0494 0620 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/12 12:32:34.0541 0620 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/12 12:32:34.0603 0620 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/12 12:32:34.0619 0620 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/12 12:32:34.0650 0620 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/12 12:32:34.0681 0620 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/12 12:32:34.0712 0620 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/12 12:32:34.0759 0620 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/12 12:32:34.0790 0620 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/12 12:32:34.0837 0620 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/12 12:32:34.0884 0620 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/12 12:32:34.0899 0620 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/12 12:32:34.0931 0620 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/12 12:32:34.0962 0620 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/12 12:32:35.0009 0620 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/12 12:32:35.0024 0620 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/12 12:32:35.0071 0620 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/12 12:32:35.0102 0620 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/12 12:32:35.0133 0620 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/12 12:32:35.0165 0620 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/12 12:32:35.0180 0620 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/12 12:32:35.0211 0620 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/12 12:32:35.0258 0620 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/12 12:32:35.0305 0620 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/12 12:32:35.0336 0620 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/12 12:32:35.0383 0620 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/12 12:32:35.0414 0620 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/12 12:32:35.0414 0620 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/12 12:32:35.0461 0620 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/12 12:32:35.0508 0620 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/12 12:32:35.0601 0620 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/12 12:32:35.0648 0620 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/12 12:32:35.0711 0620 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/12 12:32:35.0804 0620 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/12 12:32:36.0023 0620 ================================================================================
2011/04/12 12:32:36.0023 0620 Scan finished
2011/04/12 12:32:36.0023 0620 ================================================================================
2011/04/12 12:32:36.0038 1128 Detected object count: 1
2011/04/12 12:32:46.0022 1128 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/12 12:32:46.0022 1128 \HardDisk0 - ok
2011/04/12 12:32:46.0022 1128 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/12 12:32:57.0379 1700 Deinitialize success
Kind regards
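Added example (Python), not part of the original thread and not code from TDSSKiller or ComboFix: a small triage script that parses the TDSSKiller driver list and detection line posted above, and the R0/R2/S3 service lines from the ComboFix log posted later in this thread. The sample lines embedded below are copied from those two logs; the known-good hash table is a constructed illustration (its ndis.sys value is deliberately wrong so the mismatch path is exercised) and is not a real reference set.

```python
"""Triage helpers for TDSSKiller and ComboFix logs (added example)."""
import re

# --- Sample input: lines copied from the TDSSKiller log in this thread ---
TDSSKILLER_SAMPLE = r"""
2011/04/12 12:32:31.0467 0620 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/12 12:32:31.0857 0620 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/12 12:32:34.0119 0620 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/12 12:32:34.0151 0620 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/12 12:32:35.0804 0620 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/12 12:32:36.0023 0620 Scan finished
"""

# --- Sample input: service lines copied from the ComboFix log in this thread ---
COMBOFIX_SAMPLE = r"""
R0 pxjabejg;pxjabejg;c:\windows\System32\drivers\ljwqoo.sys [x]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-09-01 110304]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
"""

# Constructed known-good table keyed by file basename. tcpip.sys and ntfs.sys
# carry the values the log itself reports; ndis.sys is deliberately wrong so
# the mismatch branch fires. Not a real reference database.
KNOWN_GOOD_MD5 = {
    "tcpip.sys": "a474879afa4a596b3a531f3e69730dbf",
    "ntfs.sys": "6a4a98cee84cf9e99564510dda4baa47",
    "ndis.sys": "00000000000000000000000000000000",
}

# TDSSKiller driver line: <date> <time> <pid> <service> (<md5>) <path>
TDSS_DRIVER = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+\d+\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# TDSSKiller detection line: <date> <time> <pid> <object> - detected <name> (<n>)
TDSS_DETECT = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<obj>\S+) - detected (?P<name>\S+)"
)
# ComboFix service line: <R|S><n> name;display name;path [date size] or [x]
CF_SERVICE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)


def parse_tdsskiller(text):
    """Split TDSSKiller output into (drivers, detections).

    drivers: list of dicts with ts/service/md5/path for each loaded driver.
    detections: list of (object, threat name) for '- detected' lines, which
    TDSSKiller emits for disk-level objects such as an infected MBR.
    """
    drivers, detections = [], []
    for line in text.splitlines():
        m = TDSS_DRIVER.match(line)
        if m:
            drivers.append(m.groupdict())
            continue
        m = TDSS_DETECT.match(line)
        if m:
            detections.append((m.group("obj"), m.group("name")))
    return drivers, detections


def check_hashes(drivers, known_good):
    """Return (service, basename, logged_md5) for drivers whose MD5 differs
    from the known-good value. Files absent from the table are skipped:
    unknown is not the same as bad."""
    findings = []
    for d in drivers:
        base = d["path"].rsplit("\\", 1)[-1].lower()
        expected = known_good.get(base)
        if expected is not None and expected != d["md5"]:
            findings.append((d["service"], base, d["md5"]))
    return findings


def triage_combofix_services(text):
    """Return (service name, reason) for ComboFix service entries a helper
    looks at first: '[x]' means ComboFix found no file at the recorded path,
    and R0 entries are boot-start drivers that load before any AV product."""
    findings = []
    for line in text.splitlines():
        m = CF_SERVICE.match(line)
        if not m:
            continue
        name, state, info = m.group("name"), m.group("state"), m.group("info")
        if info == "x":
            findings.append((name, "image file missing on disk"))
        if state == "R0":
            findings.append((name, "boot-start driver (loads before any AV)"))
    return findings


if __name__ == "__main__":
    drv, det = parse_tdsskiller(TDSSKILLER_SAMPLE)
    print(f"{len(drv)} drivers parsed, detections: {det}")
    print("hash mismatches:", check_hashes(drv, KNOWN_GOOD_MD5))
    print("ComboFix findings:", triage_combofix_services(COMBOFIX_SAMPLE))
```

Run as a script it reports the TDL4 detection on \HardDisk0, the constructed ndis.sys mismatch, and two findings for the same ComboFix entry: the R0 service pxjabejg whose image ljwqoo.sys is not on disk. A boot-start driver with a random-looking name and no file behind it is exactly the kind of leftover a helper wants removed alongside the MBR cure, while Tcpip and Tcpip6 sharing one tcpip.sys hash is normal and produces no finding.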
#8
/// Winkelfunktion /// TB-Süch-Tiger™ | MS Removal Tool Code:
2011/04/12 12:32:36.0038 1128 Detected object count: 1
2011/04/12 12:32:46.0022 1128 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/12 12:32:46.0022 1128 \HardDisk0 - ok
2011/04/12 12:32:46.0022 1128 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/12 12:32:57.0379 1700 Deinitialize success
__________________ Please always post log files in CODE tags
#9
Banned | MS Removal Tool: I did the control scan after the reboot.
#10
/// Winkelfunktion /// TB-Süch-Tiger™ | MS Removal Tool Quote:
Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
#11
Banned | MS Removal Tool: That no application can be started any more now worries me somewhat. "Illegal operation attempted on a registry key that has been marked for deletion." For example with Firefox and Thunderbird. I am now on another computer. The log: ComboFix logfile: Code:
ComboFix 11-04-11.03 - * 12.04.2011 13:20:12.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.2741 [GMT 2:00]
run from:: c:\users\*\Voreingestellte Ordner\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pontius Pilatus\AppData\Roaming\EurekaLog
c:\users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}
c:\users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}\chrome.manifest
c:\users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}\chrome\content\_cfg.js
c:\users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}\chrome\content\overlay.xul
c:\users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}\install.rdf
c:\users\*\AppData\Roaming\Adobe\plugs
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24452844.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24452875.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24452907.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24452953.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24453016.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24453031.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24456385.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24462220.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24462922.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24465808.txt
c:\users\*\AppData\Roaming\Adobe\shed
c:\users\*\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\system32\office.exe
.
.
((((((((((((((((((((((( Files created from 2011-03-12 to 2011-04-12 ))))))))))))))))))))))))))))))
.
.
2011-04-12 11:25 . 2011-04-12 11:26 -------- d-----w- c:\users\*\AppData\Local\temp
2011-04-12 11:25 . 2011-04-12 11:25 -------- d-----w- c:\users\SEO\AppData\Local\temp
2011-04-12 11:25 . 2011-04-12 11:25 -------- d-----w- c:\users\Pontius Pilatus\AppData\Local\temp
2011-04-12 11:25 . 2011-04-12 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-12 11:11 . 2011-04-12 11:11 -------- d-----w- C:\cofi
2011-04-11 14:48 . 2011-04-11 14:48 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-04-11 13:58 . 2011-04-11 13:58 -------- d-----w- c:\windows\Sun
2011-04-11 12:34 . 2011-04-11 12:34 -------- d-----w- c:\program files\CCleaner
2011-04-11 12:32 . 2011-04-11 12:32 -------- d-----w- c:\users\*\AppData\Roaming\Malwarebytes
2011-04-11 12:32 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 12:32 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 12:32 . 2011-04-11 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-11 12:14 . 2011-04-11 12:14 0 ----a-w- c:\users\*\AppData\Local\Cmamevub.bin
2011-04-08 05:50 . 2011-04-08 05:50 -------- d-----w- c:\users\*\AppData\Roaming\DasTelefonbuch Gelbe Seiten Map&Route
2011-04-08 05:50 . 2011-04-08 05:50 -------- d-----w- c:\program files\Common Files\TVG
2011-04-08 05:45 . 2011-04-08 05:45 -------- d-----w- c:\program files\TVG
2011-03-29 06:46 . 2011-03-29 06:46 -------- d-----w- c:\program files\Microsoft SDKs
2011-03-29 06:46 . 2011-03-29 06:50 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-03-29 06:43 . 2011-03-29 06:43 -------- d-----w- c:\program files\Common Files\Protexis
2011-03-29 06:36 . 2011-03-29 06:36 -------- d-----w- c:\program files\BabylonToolbar
2011-03-23 07:04 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 07:04 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 07:04 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 09:59 . 2011-03-22 09:59 -------- d-----w- c:\users\*\AppData\Roaming\CyberLink
2011-03-22 09:59 . 2011-03-22 09:59 -------- d-----w- c:\users\Public\CyberLink
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 10:26 . 2010-10-25 11:07 55 ----a-w- c:\users\*\AppData\Roaming\tigersetting.dll
2011-02-28 17:11 . 2011-02-28 17:11 90112 ----a-w- c:\windows\system32\lxdao11VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 69632 ----a-w- c:\windows\system32\PXTTool80VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 61440 ----a-w- c:\windows\system32\LXCurr12VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 4648960 ----a-w- c:\windows\system32\LxXtreme70VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 27648 ----a-w- c:\windows\system32\LXTPSW20VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 188416 ----a-w- c:\windows\system32\LxDBAL11VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 135168 ----a-w- c:\windows\system32\LxMail30VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 1335296 ----a-w- c:\windows\system32\LXTool91VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 118784 ----a-w- c:\windows\system32\LxOdbc11VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 110592 ----a-w- c:\windows\system32\LxUISettings20Native.dll
2011-02-28 17:11 . 2011-02-28 17:11 81920 ----a-w- c:\windows\system32\LxCI12.dll
2011-02-28 17:11 . 2011-02-28 17:11 196608 ----a-w- c:\windows\system32\LxBasics91VC8.dll
2011-02-28 12:43 . 2011-02-28 13:17 52128 ----a-w- c:\windows\system32\drivers\smsbda.sys
2011-02-28 12:43 . 2011-02-28 13:17 133120 ----a-w- c:\windows\system32\drivers\cm_netamd.sys
2011-02-28 12:43 . 2011-02-28 13:17 118272 ----a-w- c:\windows\system32\drivers\cm_seramd.sys
2011-02-28 12:43 . 2011-02-28 13:17 112640 ----a-w- c:\windows\system32\drivers\cm_net32.sys
2011-02-28 12:43 . 2011-02-28 13:17 103680 ----a-w- c:\windows\system32\drivers\cm_ser32.sys
2011-02-28 12:43 . 2011-02-28 13:17 103424 ----a-w- c:\windows\system32\drivers\cmnsusbser.sys
2011-02-24 17:38 . 2011-02-24 17:38 1425408 ----a-w- c:\windows\system32\FormAssi80.dll
2011-02-05 15:25 . 2011-02-05 15:25 57344 ----a-w- c:\windows\system32\FKStampPainter20.dll
2011-02-02 17:11 . 2009-10-05 08:22 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 07:43 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 07:43 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 07:43 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 07:43 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 07:43 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 07:43 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 07:43 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 07:43 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 07:43 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 07:43 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 07:43 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 07:43 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 07:43 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 07:43 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 07:43 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 07:43 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 07:43 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 07:43 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 07:43 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 07:43 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 07:43 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 07:43 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 07:43 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 07:43 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 07:43 683008 ----a-w- c:\windows\system32\d2d1.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"AVMUSBFernanschluss"="c:\users\*\AppData\Local\Apps\2.0\HD0Z4920.JG8\7Y9M4GYD.9C7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe" [2009-09-22 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"STAMPIT-Tray"="c:\program files\STAMPIT\Binary\Stray.exe" [2010-06-11 83336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-02 1833504]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"Corel Graphics Suite 1117"="c:\program files\Corel\Corel Graphics 11\Register\registration.exe" [2005-02-17 315392]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 11\Register\registration.exe" [2005-02-17 315392]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-07-01 3811768]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 283136]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"starter4g"="c:\windows\starter4g.exe" [2010-07-08 160992]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OfficeManager Terminerinnerung.lnk - c:\program files\TVG\DasTelefonbuch Gelbe Seiten Map & Route\win32\officemanager\OMAlarm.exe [2011-4-8 201728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 pxjabejg;pxjabejg;c:\windows\System32\drivers\ljwqoo.sys [x]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-09-01 110304]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-10-28 583128]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-05-16 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2010-05-17 187456]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 135664]
R2 TVGOnlineUpdateSvc;TVG OnlineUpdate-Service;c:\program files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [2010-02-24 398128]
R2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2010-04-12 329168]
R2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-07-08 145120]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2009-09-22 101248]
R3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2009-09-22 101248]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-25 4352]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-02-28 103424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the "Scheduled Tasks" folder
.
2011-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-01 09:11]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 07:54]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 07:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.test-wasser.de/piwik/index.php?module=CoreHome&action=index&date=2010-08-03&period=day&idSite=40
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1
uInternet Settings,ProxyServer = http=127.0.0.1:61838
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\kt93lppj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=18e19fc0000000000000bc05430013f4&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SEO Status PageRank/Alexa Toolbar: seostatus@rubyweb - %profile%\extensions\seostatus@rubyweb
FF - Ext: WebRank Toolbar: webrank-toolbar@probcomp.com - %profile%\extensions\webrank-toolbar@probcomp.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Removed Orphaned Registry Entries - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 13:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-12 13:30:14
ComboFix-quarantined-files.txt 2011-04-12 11:30
.
Pre-Run: 9 directory(ies), 474.077.728.768 bytes free
Post-Run: 15 directory(ies), 474.032.267.264 bytes free
.
- - End Of File - - 362964E5105B50E1794A622355D581AF
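The log above carries the indicators a helper looks for by eye: a boot-start driver (R0) whose image file is gone, an Internet Explorer proxy pointing at 127.0.0.1 on a high port (the classic traffic hijack of rogue "security" tools), and Firefox search preferences redirected to a toolbar's search site. The following script is an added example, not code from the thread or from ComboFix, that machine-checks a ComboFix log for exactly those patterns. The regexes, the severity rules and the sample lines (a constructed subset in the shape of the log above) are this example's own assumptions; a "review" finding is a prompt to look, not a verdict.

```python
"""Triage a ComboFix log for missing-file drivers, loopback proxies, RunOnce
entries, autoruns in odd folders and browser search overrides.
Added example; detection rules are assumptions, not ComboFix's own logic."""
import ntpath
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the shape of a ComboFix log (subset of the lines above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-07-01 3811768]
"starter4g"="c:\windows\starter4g.exe" [2010-07-08 160992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
R0 pxjabejg;pxjabejg;c:\windows\System32\drivers\ljwqoo.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
.
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1
uInternet Settings,ProxyServer = http=127.0.0.1:61838
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - prefs.js: network.proxy.type - 0
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review"
    category: str
    detail: str


# "R0 name;description;path [stamp]" -- stamp is a date+size, or "x" if the file is missing
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: \[(.*)\])?$')
INET_RE = re.compile(r"^uInternet Settings,(\w+) = (.*)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: ([\w.]+) - (.*)$")

SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}
STOCK_RUNONCE = {"GrpConv"}   # Windows' own leftover, not an infection marker


def _host(url):
    # ComboFix defangs URLs as hxxp://; restore the scheme so urlparse finds the host.
    return (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()


def _proxy_hosts(value):
    # ProxyServer is "host:port" or "proto=host:port;proto=host:port"
    hosts = []
    for part in value.split(";"):
        endpoint = part.strip().split("=", 1)[-1]
        if endpoint:
            hosts.append(endpoint.rsplit(":", 1)[0].lower())
    return hosts


def _is_loopback(host):
    return host in ("localhost", "::1") or host.startswith("127.")


def triage(log_text, trusted_search_hosts=("www.google.de", "www.google.com")):
    findings = []
    section = ""   # the [HKEY_...] key that the following autorun lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            section = line
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, stype, name, _desc, path, stamp = m.groups()
            if stamp.lower() == "x":   # image file not on disk
                # a boot/system-start (0/1) driver without a file is the rootkit pattern
                sev = "high" if stype in ("0", "1") else "review"
                findings.append(Finding(sev, "service-missing-file", f"{start}{stype} {name} -> {path}"))
            continue
        m = AUTORUN_RE.match(line)
        if m and "CurrentVersion\\Run" in section:
            name, cmd, _stamp = m.groups()
            if section.endswith("RunOnce]"):
                if name not in STOCK_RUNONCE:
                    findings.append(Finding("review", "runonce-entry", f"{name} -> {cmd}"))
            else:
                folder = ntpath.dirname(cmd).lower()
                if folder == r"c:\windows" or "\\temp\\" in folder + "\\":
                    findings.append(Finding("review", "autorun-odd-location", f"{name} -> {cmd}"))
            continue
        m = INET_RE.match(line)
        if m and m.group(1) == "ProxyServer":
            if any(_is_loopback(h) for h in _proxy_hosts(m.group(2))):
                findings.append(Finding("high", "loopback-proxy", line))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            pref, value = m.groups()
            if pref in SEARCH_PREFS and _host(value) not in trusted_search_hosts:
                findings.append(Finding("review", "browser-search-override", f"{pref} -> {_host(value)}"))
            elif pref == "network.proxy.type" and value.strip() in ("1", "2"):
                findings.append(Finding("review", "firefox-manual-proxy", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category:24} {f.detail}")
```

Run against the sample it reports the R0 driver and the loopback proxy as high, and the c:\windows-root autorun and the babylon search override for review; the Akamai service and the stock GrpConv RunOnce entry produce nothing. Feed it the full log by reading the file instead of SAMPLE_LOG.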
#12 | Banned | MS Removal Tool
Not even System Restore would work anymore.
#13 | /// Winkelfunktion /// TB-Süch-Tiger™ | MS Removal Tool
Did you restart Windows after ComboFix?
__________________
Please always post logfiles in CODE tags
#14 | Banned | MS Removal Tool
OK, after the restart it works again. I was just a bit unsure. So, on with the program.
#15 | /// Winkelfunktion /// TB-Süch-Tiger™ | MS Removal Tool
OK. Now please create and post logs with GMER and OSAM. GMER crashes quite often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________
Please always post logfiles in CODE tags