Log analysis and evaluation: Google redirect / Security Center cannot be activated
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Google redirect / Security Center cannot be activated

Hello forum,

For a few days now I have had the Google redirect problem, which apparently occurs quite often and cannot be solved with normal virus scanners. When I do a Google search, the first two times I click on a search result I am always redirected via www.goingonearth.com to a seemingly random page. Subsequent clicks then lead to the desired page, and after a certain time/number of clicks(?) the game with the redirects starts all over again. In addition, the Windows Security Center service can no longer be started, with the plain error message "Der Windows Sicherheitscenterdienst kann nicht gestartet werden".

I hope you can help me, and thank you in advance for the effort!

I have already run AVIRA AntiVir, which found the following two files (although I cannot remember ever having executed these files):

Code:
Durchsuche Prozess 'Sxc.exe' - '1' Modul(e) wurden durchsucht
Modul ist infiziert -> <C:\Users\***\AppData\Local\Temp\Sxc.exe>
[FUND] Ist das Trojanische Pferd TR/Dldr.Renos.PG.47
[HINWEIS] Prozess 'Sxc.exe' wurde beendet
[HINWEIS] Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Q7NZMT7RLB> wurde erfolgreich entfernt.
[HINWEIS] Die Datei wurde gelöscht.
[...]
Beginne mit der Suche in 'C:\Users\***\AppData\Local\Temp\Sxc.exe'
Der zu durchsuchende Pfad C:\Users\***\AppData\Local\Temp\Sxc.exe konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\***\AppData\Local\Temp\Sxb.exe'
C:\Users\***\AppData\Local\Temp\Sxb.exe
[FUND] Ist das Trojanische Pferd TR/Dldr.Renos.PG.48
Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\Temp\Sxb.exe
[FUND] Ist das Trojanische Pferd TR/Dldr.Renos.PG.48
[HINWEIS] Die Datei wurde gelöscht.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6308
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
08.04.2011 10:09:50
mbam-log-2011-04-08 (10-09-50).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160966
Laufzeit: 2 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\K8CE6CA1JO (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Q7NZMT7RLB (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
Code:
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Einstellungen (Registrierungsdatenbank-Änderung, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Einstellungen (Registrierungsdatenbank-Änderung, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
And here is the output of OTL.txt:
[2011.03.15 10:12:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2011.03.15 10:12:00 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011.03.15 10:12:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2011.03.15 10:11:59 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.03.15 10:11:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.03.15 10:11:59 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011.03.15 10:11:59 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2011.03.15 10:11:59 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2011.03.15 10:11:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2011.03.15 10:11:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011.03.15 10:11:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011.03.15 10:11:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.03.15 10:11:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.03.15 10:11:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.03.15 10:11:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.03.15 10:11:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.03.15 10:11:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.03.15 10:11:53 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.03.15 10:11:52 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll 
[2011.03.15 10:11:52 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.03.15 10:11:52 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.03.15 10:11:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.03.15 10:11:48 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.03.15 10:11:46 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2011.03.15 10:11:46 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2011.03.15 10:11:45 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2011.03.15 10:11:45 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2011.03.15 10:11:45 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2011.03.15 10:11:44 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2011.03.15 10:11:44 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2011.03.15 10:11:44 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2011.03.15 10:11:44 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2011.03.15 10:11:43 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2011.03.15 10:11:43 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.03.15 10:11:43 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2011.03.15 10:11:43 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2011.03.15 10:11:43 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2011.03.15 10:11:43 | 
000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2011.03.15 10:11:43 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.03.15 10:11:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2011.03.15 10:11:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.03.15 10:11:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2011.03.15 10:11:31 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2011.03.15 10:11:31 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2011.03.15 10:11:30 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2011.03.15 10:11:28 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.03.15 10:11:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.03.15 10:11:28 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.03.15 10:11:16 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2011.03.15 10:11:16 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2011.03.15 10:11:15 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2011.03.15 10:11:15 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2011.03.15 10:11:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2011.03.15 10:11:14 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2011.03.15 10:11:07 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.03.15 10:11:07 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe 
[2011.03.15 10:11:07 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.03.15 10:11:06 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.03.15 10:10:58 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.03.15 10:10:58 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.03.15 10:10:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2011.03.15 10:10:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2011.03.15 10:10:58 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.03.15 10:10:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.03.15 10:10:54 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2011.03.15 10:10:51 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2011.03.15 10:10:45 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2011.03.15 10:10:45 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2011.03.15 10:10:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2011.03.15 10:10:40 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2011.03.15 10:10:40 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2011.03.15 10:10:40 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2011.03.15 10:10:39 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2011.03.15 10:10:39 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2011.03.15 10:10:33 | 000,720,896 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\odbc32.dll [2011.03.15 10:10:33 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011.03.15 10:10:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2011.03.15 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe [2011.03.15 10:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.03.15 10:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.03.15 10:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.03.15 09:57:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TSVNCache [2011.03.14 16:13:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vercue [2011.03.14 16:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vercue [2011.03.14 16:12:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vercue [2011.03.14 16:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vercue [2011.03.14 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Subversion [2011.03.14 16:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN [2011.03.14 16:03:18 | 000,000,000 | ---D | C] -- C:\Programme\TortoiseSVN [2011.03.14 16:03:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TortoiseOverlays [2011.03.14 15:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.03.14 15:58:58 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.03.14 15:58:58 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.03.14 15:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.03.14 15:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.03.14 15:55:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2011.03.14 
15:55:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2011.03.14 15:55:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2011.03.14 15:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2011.03.14 15:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2011.03.14 15:48:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla [2011.03.14 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IDMComp [2011.03.14 14:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UEStudio [2011.03.14 14:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions [2011.03.14 14:46:37 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.03.14 14:44:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR [2011.03.14 14:44:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.03.14 14:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.03.14 14:44:48 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2011.03.14 14:42:57 | 000,000,000 | ---D | C] -- C:\Temp [2011.03.14 14:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\putty [2011.03.14 14:11:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.03.14 14:11:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird [2011.03.14 14:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird [2011.03.14 14:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2011.03.14 14:08:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2011.03.14 14:08:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla [2011.03.14 14:08:25 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Mozilla Firefox [2011.03.14 13:57:58 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2011.03.14 13:57:58 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2011.03.14 13:57:58 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2011.03.14 13:57:58 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2011.03.14 13:52:49 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.03.14 13:52:48 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.03.14 13:52:48 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2011.03.14 13:52:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities [2011.03.14 13:52:40 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2011.03.14 13:52:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2011.03.14 13:52:33 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- 
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2011.03.14 13:52:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2011.03.14 13:52:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2011.03.14 13:52:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2011.03.14 13:52:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Recovery [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Programme [2011.03.14 
13:51:47 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.03.14 13:48:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.03.14 13:46:00 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011.03.14 13:45:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011.03.14 13:45:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther ========== Files - Modified Within 30 Days ========== [2011.04.12 09:06:41 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.12 09:06:41 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.12 09:03:59 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.12 09:03:59 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.12 09:03:59 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.12 09:03:59 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.12 09:03:59 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.12 08:59:21 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\CYXM.job [2011.04.12 08:59:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.12 08:59:09 | 3220,504,576 | -HS- | M] () -- C:\hiberfil.sys [2011.04.11 
17:31:54 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND [2011.04.11 09:35:59 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.04.11 09:27:34 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.04.11 09:14:30 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011.04.08 12:17:26 | 000,001,532 | ---- | M] () -- C:\Users\***\Documents\mcedit.ini [2011.04.07 14:59:14 | 000,150,016 | RHS- | M] () -- C:\Windows\SysWow64\acppage0.dll [2011.04.06 10:27:11 | 000,001,271 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk [2011.04.01 09:22:02 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.03.28 16:19:18 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.03.25 10:39:12 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.24 09:56:49 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.03.23 16:00:01 | 000,001,235 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011.03.23 15:58:34 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2011.03.16 18:00:12 | 000,000,005 | -H-- | M] () -- C:\Users\***\.zs [2011.03.16 17:59:11 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Zend Studio - 8.0.0.lnk [2011.03.16 17:45:39 | 000,002,054 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Apache Web Server Monitor.lnk [2011.03.16 17:43:57 | 000,000,874 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zend Controller.lnk [2011.03.14 15:49:14 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2011.03.14 14:11:18 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2011.03.14 13:49:01 | 000,057,050 
| ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.03.14 13:49:01 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.03.14 13:47:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.03.14 13:47:27 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin ========== Files Created - No Company Name ========== [2011.04.11 09:27:34 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.04.11 09:14:30 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011.04.08 12:17:26 | 000,001,532 | ---- | C] () -- C:\Users\***\Documents\mcedit.ini [2011.04.07 14:59:14 | 000,150,016 | RHS- | C] () -- C:\Windows\SysWow64\acppage0.dll [2011.04.07 14:59:14 | 000,000,314 | -HS- | C] () -- C:\Windows\tasks\CYXM.job [2011.04.06 10:27:11 | 000,001,271 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk [2011.03.28 16:19:18 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.03.28 16:18:11 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.03.25 10:39:12 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.23 16:00:01 | 000,001,235 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011.03.23 15:58:34 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2011.03.17 17:01:20 | 000,018,576 | ---- | C] () -- C:\Users\***\Desktop\aend-all-pw.zip [2011.03.16 18:00:12 | 000,000,005 | -H-- | C] () -- C:\Users\***\.zs [2011.03.16 17:59:11 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Zend Studio - 8.0.0.lnk [2011.03.16 17:45:39 | 000,002,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Apache Web Server Monitor.lnk [2011.03.16 17:43:57 | 000,000,874 
| ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zend Controller.lnk [2011.03.15 10:05:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.03.14 18:37:56 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2011.03.14 15:48:42 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2011.03.14 14:11:18 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2011.03.14 14:08:28 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.14 13:52:54 | 000,001,405 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.03.14 13:52:50 | 000,001,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.03.14 13:48:49 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011.03.14 13:48:42 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011.03.14 13:47:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.03.14 13:47:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.14 13:45:45 | 3220,504,576 | -HS- | C] () -- C:\hiberfil.sys [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat 
========== LOP Check ========== [2011.03.17 13:40:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.kde [2011.04.11 13:55:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2011.04.06 10:31:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AGFEO [2011.04.11 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.03.17 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KDE [2011.03.23 15:59:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.03.14 16:03:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2011.03.14 14:35:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.04.12 08:59:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vercue [2011.04.12 08:59:21 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\CYXM.job [2009.07.14 07:08:49 | 000,008,190 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 
MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: LSASS.EXE > [2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe [2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*.exe /s >
< %APPDATA%\Adobe\Update\*.* >
< %APPDATA%\Update\*.* >
< %APPDATA%\Microsoft\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %SYSTEMDRIVE%\*.* >
[2011.04.12 08:59:09 | 3220,504,576 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.12 08:59:14 | 4294,008,832 | -HS- | M] () -- C:\pagefile.sys
[2011.04.11 14:13:45 | 000,061,706 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_11.04.2011_14.13.19_log.txt
< %PROGRAMFILES%\*.* >
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %PROGRAMFILES%\Internet Explorer\*.* >
[2009.07.14 03:14:20 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2009.07.14 03:15:24 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
[2009.06.10 23:17:22 | 000,002,649 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie8props.propdesc
[2010.10.19 10:10:26 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecompat.dll
[2010.12.18 07:29:13 | 000,860,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2009.07.14 03:14:21 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2009.07.14 03:14:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2010.12.18 07:29:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2009.07.14 03:15:28 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2010.12.18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2009.07.14 03:15:35 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2009.07.14 03:15:35 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2009.07.14 03:15:35 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2009.07.14 03:15:35 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2009.06.10 23:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2009.06.10 23:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2009.07.14 03:16:15 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
< %systemroot%\*. /mp /s >
< %systemroot%\*.exe /90 >
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.07 14:59:14 | 000,150,016 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\acppage0.dll
< %systemroot%\system32\*.dll /90 >
[2011.04.07 14:59:14 | 000,150,016 | RHS- | M] () -- C:\Windows\SysWOW64\acppage0.dll
[2011.02.19 07:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
[2011.02.02 22:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\deployJava1.dll
[2011.02.19 07:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
< %systemroot%\system32\*.exe /90 >
[2011.02.02 22:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
[2011.02.02 22:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\javaw.exe
[2011.02.02 22:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\javaws.exe
[2011.03.02 19:56:50 | 037,943,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MRT.exe
< %systemroot%\system32\config\*.sav >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\Tasks\*.job /lockedfiles >
[2011.04.12 08:59:21 | 000,000,314 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\CYXM.job
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
and from Extras.txt: OTL Logfile: Code:
OTL Extras logfile created on: 12.04.2011 09:44:32 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 440,17 Gb Free Space | 94,53% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,67 Mb Free Space | 71,67% Space Free | Partition Type: NTFS
Drive F: | 232,79 Gb Total Space | 148,02 Gb Free Space | 63,59% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{936596DB-39C5-49D7-AD0C-9BB1BE1AF72C}" = TortoiseSVN 1.6.13.20954 (64 bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F8C52F6-FE88-4276-B514-1AA8ABD1CA41}" = UEStudio '10.20
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83E13C2A-65FC-4816-B805-F570D0EE0A85}" = Zend Server
"{A106D3BA-CF1F-4E13-8161-4ACA153E2F96}" = Graphviz
"{A73D4BEE-2BBE-4285-BF6C-4B8C7C002100}" = Zend Studio 8.0.0
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.5.1
"InstallShield_{83E13C2A-65FC-4816-B805-F570D0EE0A85}" = Zend Server
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"tksuite_tksuite_client" = AGFEO TK-Suite Client
"Vercue" = Vercue
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2011 08:16:12 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fsbl.exe, Version: 2.2.1092.0, Zeitstempel:
0x48a543e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cfc22 ID des fehlerhaften Prozesses:
0xbac Startzeit der fehlerhaften Anwendung: 0x01cbf8423b82c334 Pfad der fehlerhaften
Anwendung: C:\Users\***\Downloads\fsbl.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
7cd33a39-6435-11e0-9038-00252282d84a
Error - 11.04.2011 08:17:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fsbl.exe, Version: 2.2.1092.0, Zeitstempel:
0x48a543e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cfc22 ID des fehlerhaften Prozesses:
0x518 Startzeit der fehlerhaften Anwendung: 0x01cbf84271fd5af6 Pfad der fehlerhaften
Anwendung: C:\Users\***\Downloads\fsbl.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
b3fbdda5-6435-11e0-9038-00252282d84a
Error - 11.04.2011 08:18:10 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fsbl.exe, Version: 2.2.1092.0, Zeitstempel:
0x48a543e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cfc22 ID des fehlerhaften Prozesses:
0xa14 Startzeit der fehlerhaften Anwendung: 0x01cbf8427a7cecc3 Pfad der fehlerhaften
Anwendung: C:\Users\***\Downloads\fsbl.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
c38548a3-6435-11e0-9038-00252282d84a
Error - 11.04.2011 08:21:51 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Temp\formular.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 11.04.2011 08:49:46 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 11.04.2011 08:49:50 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 11.04.2011 08:49:53 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 11.04.2011 09:20:14 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Temp\formular.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 11.04.2011 11:08:48 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Temp\formular.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 12.04.2011 02:59:22 | Computer Name = ***-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
for ServerName .
[ System Events ]
Error - 11.04.2011 04:29:28 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 11.04.2011 04:29:29 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 11.04.2011 04:29:29 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 11.04.2011 04:29:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 12.04.2011 02:59:08 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 12.04.2011 02:59:17 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 12.04.2011 02:59:17 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 12.04.2011 02:59:18 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 12.04.2011 02:59:18 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 12.04.2011 02:59:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
|
| | #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect / Security Center cannot be activated Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes on the "Logdateien" (log files) tab.
__________________ |
| | #3 |
| Google redirect / Security Center cannot be activated Yes, but all without findings:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6308
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
08.04.2011 10:30:36
mbam-log-2011-04-08 (10-30-36).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160839
Laufzeit: 2 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6308
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
08.04.2011 12:01:28
mbam-log-2011-04-08 (12-01-28).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161011
Laufzeit: 1 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6341
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12.04.2011 13:12:31
mbam-log-2011-04-12 (13-12-31).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161600
Laufzeit: 1 Minute(n), 30 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
| | #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect / Security Center cannot be activated Quote:
Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
__________________ Please always post log files in CODE tags |
| | #5 |
| Google redirect / Security Center cannot be activated Here is the full scan: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6341
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12.04.2011 15:06:45
mbam-log-2011-04-12 (15-06-45).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 308681
Laufzeit: 25 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
| | #6 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect / Security Center cannot be activated Quote:
Quote:
Do an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
:Files
C:\Windows\Tasks\*.job
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ Edited by cosinus (12.04.2011 at 14:54) |
| | #7 |
| Google redirect / Security Center cannot be activated Yes, Zend is intended. "Vercue" is in principle also intended; will OTL remove it? Here is the TDSSKiller log: Code:
2011/04/11 14:13:19.0387 4992 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/11 14:13:19.0633 4992 ================================================================================
2011/04/11 14:13:19.0633 4992 SystemInfo:
2011/04/11 14:13:19.0633 4992
2011/04/11 14:13:19.0633 4992 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/11 14:13:19.0633 4992 Product type: Workstation
2011/04/11 14:13:19.0633 4992 ComputerName: ***-PC
2011/04/11 14:13:19.0633 4992 UserName: ***
2011/04/11 14:13:19.0633 4992 Windows directory: C:\Windows
2011/04/11 14:13:19.0633 4992 System windows directory: C:\Windows
2011/04/11 14:13:19.0633 4992 Running under WOW64
2011/04/11 14:13:19.0633 4992 Processor architecture: Intel x64
2011/04/11 14:13:19.0633 4992 Number of processors: 2
2011/04/11 14:13:19.0633 4992 Page size: 0x1000
2011/04/11 14:13:19.0634 4992 Boot type: Normal boot
2011/04/11 14:13:19.0634 4992 ================================================================================
2011/04/11 14:13:25.0565 4992 Initialize success
2011/04/11 14:13:29.0489 0580 ================================================================================
2011/04/11 14:13:29.0490 0580 Scan started
2011/04/11 14:13:29.0490 0580 Mode: Manual;
2011/04/11 14:13:29.0490 0580 ================================================================================
2011/04/11 14:13:30.0514 0580 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/11 14:13:30.0552 0580 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/11 14:13:30.0588 0580 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/11 14:13:30.0623 0580 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/11 14:13:30.0648 0580 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/11 14:13:30.0670 0580 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/11 14:13:30.0718 0580 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/11 14:13:30.0749 0580 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/11 14:13:30.0781 0580 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/11 14:13:30.0812 0580 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/11 14:13:30.0837 0580 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/11 14:13:30.0866 0580 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/11 14:13:30.0897 0580 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/11 14:13:30.0930 0580 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/11 14:13:30.0952 0580 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/11 14:13:31.0014 0580 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/11 14:13:31.0065 0580 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/11 14:13:31.0097 0580 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/11 14:13:31.0122 0580 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/11 14:13:31.0149 0580 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/11 14:13:31.0298 0580 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/11 14:13:31.0435 0580 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/11 14:13:31.0460 0580 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/11 14:13:31.0503 0580 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/11 14:13:31.0556 0580 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/11 14:13:31.0606 0580 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/11 14:13:39.0787 0580 ================================================================================
2011/04/11 14:13:39.0787 0580 Scan finished
2011/04/11 14:13:39.0787 0580 ================================================================================
2011/04/11 14:13:45.0620 5016 Deinitialize success
|
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | No, then take out the line with Vercue. I've already edited it accordingly.
__________________ Please always post log files in CODE tags |
| | #9 |
| So... after the reboot, this log file came up: Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== FILES ==========
C:\Windows\Tasks\CYXM.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 151817822 bytes
->Temporary Internet Files folder emptied: 39342667 bytes
->Java cache emptied: 2813792 bytes
->FireFox cache emptied: 244434187 bytes
->Flash cache emptied: 16221 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27835428 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 445,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04122011_155723
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\php_fcgi_err.log scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post log files in CODE tags |
| | #11 |
| Good morning Arne, I have now run CCleaner, and it wanted to delete things like Adobe Reader and the Flash Player (I told it that it could, but then it didn't do it after all). When I started ComboFix, it said that "AntiVir Desktop" and "AdAware" were still active. I then uninstalled both, but I still get the warning that AntiVir is active. (I did reboot, of course.) |
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | You can ignore this warning. It happens fairly often with AntiVir; it's a bug.
__________________ Please always post log files in CODE tags |
| | #13 |
| OK, I then let it run and this is what came out: Code:
ComboFix 11-04-12.02 - phorn 13.04.2011 11:09:40.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.4095.2922 [GMT 2:00]
ausgeführt von:: c:\users\phorn\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-13 bis 2011-04-13 ))))))))))))))))))))))))))))))
.
.
2011-04-13 09:14 . 2011-04-13 09:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-13 07:10 . 2011-04-13 07:10 -------- d-----w- c:\program files\CCleaner
2011-04-12 13:57 . 2011-04-12 13:57 -------- d-----w- C:\_OTL
2011-04-12 13:31 . 2011-04-12 13:31 -------- d-----w- c:\program files (x86)\TeamViewer
2011-04-11 12:49 . 2011-04-11 12:49 -------- d-----w- c:\program files (x86)\ESET
2011-04-11 07:36 . 2011-04-13 07:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-11 07:36 . 2011-04-11 07:35 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-11 07:28 . 2011-04-13 07:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-11 07:28 . 2011-04-11 07:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-04-11 07:27 . 2011-04-13 07:28 -------- d-----w- c:\programdata\Lavasoft
2011-04-11 07:27 . 2011-04-11 07:27 -------- d-----w- c:\program files (x86)\Lavasoft
2011-04-11 07:14 . 2011-04-11 07:14 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-11 07:14 . 2011-04-11 07:14 -------- d-----w- c:\programdata\Hitman Pro
2011-04-08 14:24 . 2011-02-22 20:36 258048 ----a-w- c:\temp\Minecraft\INVedit\INVedit.exe
2011-04-08 14:24 . 2011-01-07 18:25 24576 ----a-w- c:\temp\Minecraft\INVedit\NBT.dll
2011-04-08 10:37 . 2011-04-08 10:37 270142 ----a-w- c:\temp\Minecraft\Minecraft.exe
2011-04-08 10:33 . 2011-04-08 10:33 627641 ----a-w- c:\temp\Minecraft\Minecraft_Server.exe
2011-04-08 10:30 . 2011-02-07 14:15 27136 ----a-w- c:\temp\Minecraft\Bin\MSC.exe
2011-04-08 10:30 . 2011-02-07 13:48 10240 ----a-w- c:\temp\Minecraft\Bin\msclib.dll
2011-04-08 08:06 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-08 08:06 . 2011-04-08 08:06 -------- d-----w- c:\programdata\Malwarebytes
2011-04-08 08:06 . 2011-04-08 08:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-08 08:06 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-07 12:59 . 2011-04-07 12:59 150016 --sha-r- c:\windows\SysWow64\acppage0.dll
2011-04-06 08:27 . 2011-04-06 08:27 -------- d-----w- c:\program files (x86)\AGFEO
2011-04-05 07:01 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC08127D-E135-4434-8FFD-9DD97BE2BD44}\mpengine.dll
2011-04-04 15:28 . 2011-04-04 15:28 5875200 ----a-w- c:\temp\formular.exe
2011-04-01 12:35 . 2011-04-01 12:35 -------- d-----w- C:\opt
2011-04-01 11:27 . 2011-04-01 12:41 -------- d-----w- c:\program files (x86)\eclipse
2011-03-31 07:02 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-03-31 07:02 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-03-31 07:02 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-03-31 07:02 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-03-31 07:02 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-03-28 14:19 . 2011-03-28 14:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-28 14:19 . 2011-03-28 14:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-28 14:19 . 2011-03-28 14:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-28 14:19 . 2011-03-28 14:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-28 14:19 . 2011-03-28 14:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-28 14:19 . 2011-03-28 14:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-28 14:19 . 2011-03-28 14:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-28 14:19 . 2011-03-28 14:19 -------- d-----w- c:\program files (x86)\QuickTime
2011-03-28 14:19 . 2011-03-28 14:19 -------- d-----w- c:\programdata\Apple Computer
2011-03-28 14:18 . 2011-03-28 14:18 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-03-28 14:18 . 2011-03-28 14:18 -------- d-----w- c:\programdata\Apple
2011-03-28 14:18 . 2011-03-28 14:18 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-03-25 08:09 . 2011-03-25 08:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-23 13:58 . 2011-03-23 13:58 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-03-23 13:57 . 2011-02-02 20:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-23 13:57 . 2011-03-25 08:08 -------- d-----w- c:\program files (x86)\Java
2011-03-17 12:27 . 2011-03-17 12:33 -------- d-----w- c:\program files (x86)\KDE
2011-03-17 12:12 . 2011-03-17 12:12 -------- d-----w- c:\program files (x86)\Graphviz2.26.3
2011-03-17 09:37 . 2011-03-17 10:05 -------- d-----w- C:\cygwin
2011-03-16 15:44 . 2011-03-16 15:44 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
2011-03-16 15:43 . 2011-03-16 15:58 -------- d-----w- c:\program files (x86)\Zend
2011-03-16 15:42 . 2011-03-16 15:42 -------- d-----w- c:\programdata\Zend
2011-03-16 08:04 . 2011-03-16 08:04 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-03-15 16:55 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-15 16:55 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-15 16:47 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-15 16:47 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-03-15 16:40 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-15 16:40 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-03-15 16:40 . 2009-11-25 11:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-15 16:40 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-03-15 16:40 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-03-15 16:40 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-03-15 16:40 . 2009-11-25 11:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-15 16:40 . 2009-11-25 11:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-03-15 16:40 . 2009-11-25 11:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-15 16:40 . 2009-11-25 11:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-03-15 16:40 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-15 16:34 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-15 08:14 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-03-15 08:14 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2011-03-15 08:14 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2011-03-15 08:14 . 2010-09-01 05:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2011-03-15 08:12 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys
2011-03-15 08:11 . 2010-12-21 06:16 97280 ----a-w- c:\windows\system32\wscsvc.dll
2011-03-15 08:10 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-03-15 08:04 . 2011-03-15 08:04 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-03-14 14:12 . 2011-04-06 07:01 -------- d-----w- c:\program files (x86)\Vercue
2011-03-14 14:03 . 2011-03-14 14:03 -------- d-----w- c:\program files\TortoiseSVN
2011-03-14 14:03 . 2011-03-14 14:03 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2011-03-14 13:55 . 2011-03-14 13:55 -------- d-----w- c:\windows\SysWow64\Macromed
2011-03-14 13:49 . 2011-03-14 13:49 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2011-03-14 12:47 . 2011-03-14 12:47 -------- d-----w- c:\program files (x86)\IDM Computer Solutions
2011-03-14 12:46 . 2011-04-13 07:28 -------- d-sh--w- c:\windows\Installer
2011-03-14 12:42 . 2011-04-12 12:51 -------- d-----w- C:\Temp
2011-03-14 12:36 . 2011-03-14 12:36 -------- d-----w- c:\program files (x86)\putty
2011-03-14 12:21 . 2011-02-02 17:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-03-14 12:11 . 2011-03-14 12:11 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2011-03-14 11:57 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-03-14 11:57 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-03-14 11:57 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-03-14 11:57 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-03-14 11:52 . 2011-04-01 11:55 -------- d-----w- c:\users\phorn
2011-03-14 11:47 . 2011-03-14 11:47 0 ----a-w- c:\windows\ativpsrm.bin
2011-03-14 11:45 . 2011-03-14 11:52 -------- d-----w- c:\windows\Panther
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Vercue"="c:\program files (x86)\Vercue\Vercue.exe" [2011-04-06 446976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\users\phorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Apache Web Server Monitor.lnk - c:\program files (x86)\Zend\Apache2\bin\ApacheMonitor.exe [2010-11-30 43648]
TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2010-9-15 7130112]
Zend Controller.lnk - c:\program files (x86)\Zend\ZendServer\bin\zendcontroller.exe [2010-11-30 260600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Apache2.2-Zend;Apache2.2-Zend;c:\program files (x86)\Zend\Apache2\bin\httpd.exe [2010-11-30 27240]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S2 ZendJobQueue;Zend Job Queue ;c:\program files (x86)\Zend\ZendServer\bin\jqd.exe [2010-11-30 539128]
S2 ZendMonitor;Zend Monitor;c:\program files (x86)\Zend\ZendServer\bin\MonitorNode.exe [2010-11-30 342520]
S2 ZendSessionClustering;Zend Session Clustering;c:\program files (x86)\Zend\ZendServer\bin\ZendSessionManager.exe [2010-11-30 588280]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\phorn\AppData\Roaming\Mozilla\Firefox\Profiles\kpw85brv.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-MinecraftCrack1.0 - c:\minecraftcrack\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-13 11:16:15
ComboFix-quarantined-files.txt 2011-04-13 09:16
.
Vor Suchlauf: 10 Verzeichnis(se), 473.651.462.144 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 473.534.521.344 Bytes frei
.
- - End Of File - - F434567BF9854196532561682D3E9BD2
|
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect / Security Center cannot be activated
Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out.
Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
| | #15 |
| Google redirect / Security Center cannot be activated
GMER found nothing, and here is the output of MBRCheck:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASRock
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x000003fc
Kernel Drivers (total 182):
0x02A05000 \SystemRoot\system32\ntoskrnl.exe
0x02FE2000 \SystemRoot\system32\hal.dll
0x00BC0000 \SystemRoot\system32\kdcom.dll
0x00CE0000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D24000 \SystemRoot\system32\PSHED.dll
0x00D38000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E54000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EF8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F07000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F5E000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F67000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F71000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FA4000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FB1000 \SystemRoot\System32\drivers\partmgr.sys
0x00FC6000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D96000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FDB000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00FE3000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E1A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E23000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00FF3000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010D8000 \SystemRoot\system32\drivers\fltmgr.sys
0x01124000 \SystemRoot\system32\drivers\fileinfo.sys
0x01209000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01138000 \SystemRoot\System32\Drivers\msrpc.sys
0x013AC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013C6000 \SystemRoot\System32\drivers\pcw.sys
0x013D7000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01418000 \SystemRoot\system32\drivers\ndis.sys
0x0150A000 \SystemRoot\system32\drivers\NETIO.SYS
0x0156A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x01595000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015DF000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015EF000 \SystemRoot\System32\Drivers\spldr.sys
0x01196000 \SystemRoot\System32\drivers\rdyboost.sys
0x01400000 \SystemRoot\System32\Drivers\mup.sys
0x015F7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01802000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0183C000 \SystemRoot\system32\DRIVERS\disk.sys
0x01852000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x018B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x018E2000 \SystemRoot\System32\Drivers\Null.SYS
0x018EB000 \SystemRoot\System32\Drivers\Beep.SYS
0x018F2000 \SystemRoot\System32\drivers\vga.sys
0x01900000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01925000 \SystemRoot\System32\drivers\watchdog.sys
0x01935000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0193E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01947000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01950000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0195B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0196C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0198A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CE4000 \SystemRoot\system32\drivers\afd.sys
0x02D6E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02DB3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DBC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DE2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C00000 \SystemRoot\system32\DRIVERS\serial.sys
0x02C1D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C38000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C4C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C9D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02CA9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02CB4000 \SystemRoot\System32\drivers\discache.sys
0x03A34000 \SystemRoot\system32\drivers\csc.sys
0x03AB7000 \SystemRoot\System32\Drivers\dfsc.sys
0x03AD5000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03AE6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03B0C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03C36000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0424D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04341000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04387000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x043AB000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x043DD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03B22000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x043EA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03C00000 \SystemRoot\system32\DRIVERS\irsir.sys
0x03C0C000 \SystemRoot\system32\drivers\irenum.sys
0x03C15000 \SystemRoot\system32\DRIVERS\parport.sys
0x03B78000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03B96000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03BA5000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03BB1000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03BC1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03BD7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03A00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x01997000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03A0C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02CC3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x019C6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03A27000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x02DF1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03C32000 \SystemRoot\system32\DRIVERS\swenum.sys
0x044F4000 \SystemRoot\system32\DRIVERS\ks.sys
0x04537000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04549000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x045A3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04400000 \SystemRoot\system32\drivers\HdAudio.sys
0x0445C000 \SystemRoot\system32\drivers\portcls.sys
0x04499000 \SystemRoot\system32\drivers\drmk.sys
0x044BB000 \SystemRoot\system32\drivers\ksthunk.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x044C1000 \SystemRoot\System32\drivers\Dxapi.sys
0x044CD000 \SystemRoot\System32\Drivers\crashdmp.sys
0x044DB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x044E7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x045B8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x045CB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x045D9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x045F2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x045FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x019E0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x01882000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0189D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00510000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x011D0000 \SystemRoot\system32\drivers\luafv.sys
0x02692000 \SystemRoot\system32\drivers\WudfPf.sys
0x026B3000 \SystemRoot\system32\DRIVERS\irda.sys
0x026D6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x026EB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02703000 \SystemRoot\system32\drivers\HTTP.sys
0x027CB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02600000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02618000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x046A9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x046F7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0471A000 \SystemRoot\system32\drivers\peauth.sys
0x047C0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x047CB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x04600000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04612000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06C24000 \SystemRoot\System32\DRIVERS\srv.sys
0x06CBA000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06CEB000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77100000 \Windows\System32\ntdll.dll
0x477F0000 \Windows\System32\smss.exe
0xFF420000 \Windows\System32\apisetschema.dll
0xFF6F0000 \Windows\System32\autochk.exe
0xFF2E0000 \Windows\System32\wininet.dll
0xFF2C0000 \Windows\System32\imagehlp.dll
0x772D0000 \Windows\System32\psapi.dll
0xFF2A0000 \Windows\System32\sechost.dll
0xFF290000 \Windows\System32\nsi.dll
0xFF240000 \Windows\System32\Wldap32.dll
0xFF1D0000 \Windows\System32\gdi32.dll
0x76FE0000 \Windows\System32\kernel32.dll
0xFEF70000 \Windows\System32\iertutil.dll
0xFEF60000 \Windows\System32\lpk.dll
0xFEE80000 \Windows\System32\oleaut32.dll
0xFED70000 \Windows\System32\msctf.dll
0xFECD0000 \Windows\System32\clbcatq.dll
0xFEC50000 \Windows\System32\shlwapi.dll
0xFEBB0000 \Windows\System32\msvcrt.dll
0x76EE0000 \Windows\System32\user32.dll
0xFEAD0000 \Windows\System32\advapi32.dll
0xFEA50000 \Windows\System32\difxapi.dll
0xFE920000 \Windows\System32\rpcrt4.dll
0x772C0000 \Windows\System32\normaliz.dll
0xFE8D0000 \Windows\System32\ws2_32.dll
0xFE750000 \Windows\System32\urlmon.dll
0xFE540000 \Windows\System32\ole32.dll
0xFE360000 \Windows\System32\setupapi.dll
0xFE290000 \Windows\System32\usp10.dll
0xFE260000 \Windows\System32\imm32.dll
0xFE1C0000 \Windows\System32\comdlg32.dll
0xFD430000 \Windows\System32\shell32.dll
0xFD390000 \Windows\System32\comctl32.dll
0xFD320000 \Windows\System32\KernelBase.dll
0xFD2E0000 \Windows\System32\wintrust.dll
0xFD170000 \Windows\System32\crypt32.dll
0xFD150000 \Windows\System32\devobj.dll
0xFD110000 \Windows\System32\cfgmgr32.dll
0xFD100000 \Windows\System32\msasn1.dll
0x74EB0000 \Windows\SysWOW64\normaliz.dll
Processes (total 60):
0 System Idle Process
4 System
260 C:\Windows\System32\smss.exe
364 csrss.exe
436 C:\Windows\System32\wininit.exe
460 csrss.exe
484 C:\Windows\System32\services.exe
500 C:\Windows\System32\lsass.exe
508 C:\Windows\System32\lsm.exe
616 C:\Windows\System32\winlogon.exe
676 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\atiesrxx.exe
888 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
564 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\atieclxx.exe
1216 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\spoolsv.exe
1360 C:\Windows\System32\svchost.exe
1464 C:\Program Files (x86)\Zend\Apache2\bin\httpd.exe
1676 C:\Windows\System32\taskhost.exe
1764 C:\Windows\System32\dwm.exe
1776 C:\Windows\explorer.exe
1908 C:\Program Files\Windows Sidebar\sidebar.exe
1980 C:\Program Files (x86)\Zend\Apache2\bin\httpd.exe
2036 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
1080 C:\Program Files (x86)\Zend\ZendServer\bin\jqd.exe
956 C:\Program Files (x86)\Zend\Apache2\bin\ApacheMonitor.exe
1528 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
960 C:\Program Files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe
1792 C:\Program Files (x86)\Zend\ZendServer\bin\MonitorNode.exe
1868 C:\Program Files (x86)\Zend\ZendServer\bin\zendcontroller.exe
928 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2052 C:\Program Files (x86)\Zend\ZendServer\bin\ZendSessionManager.exe
2068 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
2152 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2524 C:\Program Files (x86)\Zend\ZendServer\bin\php-cgi.exe
2600 C:\Windows\System32\conhost.exe
3016 C:\Program Files (x86)\Zend\ZendServer\bin\php-cgi.exe
3024 C:\Windows\System32\conhost.exe
3048 C:\Windows\System32\SearchIndexer.exe
2168 WUDFHost.exe
1112 C:\Windows\System32\svchost.exe
2800 C:\Program Files (x86)\Zend\ZendServer\bin\php-cgi.exe
2176 C:\Windows\System32\conhost.exe
3112 C:\Program Files\Windows Media Player\wmpnetwk.exe
3208 C:\Windows\System32\svchost.exe
2660 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
3528 C:\Windows\explorer.exe
2768 C:\Windows\System32\audiodg.exe
4048 C:\Windows\splwow64.exe
3180 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2668 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3952 C:\Windows\System32\SearchProtocolHost.exe
1044 C:\Windows\System32\SearchFilterHost.exe
3064 C:\Users\***\Desktop\MBRCheck.exe
3808 C:\Windows\System32\conhost.exe
1128 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000 (NTFS)
PhysicalDrive0 Model Number: WDCWD5000AAKS-00E4A0, Rev: 05.01D05
PhysicalDrive1 Model Number: SAMSUNGSP2504C, Rev: VT100-50
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
|