Pests of all kinds and how to fight them: [Malware] Windows Restore removed, some problems remain (Windows 7). If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1 [Malware] Windows Restore removed, some problems remain

About 2-3 weeks ago I caught the malware "Windows Restore" and applied the help given here in the forum. After that the computer worked relatively normally again. Two things remained, however:
1. Links from Google search were partly redirected to dubious pages where you were then supposed to install some program. In addition, access times for web pages slow down sharply after a few hours.
2. While using the computer, a script error keeps appearing that traces back to an Internet address (www2a.glam.com/mobile/detect.act?affiliateId=38198522).
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6336
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11.04.2011 22:56:21
mbam-log-2011-04-11 (22-56-21).txt
Scan type: Full scan (C:\|N:\|)
Objects scanned: 467047
Time elapsed: 1 hour(s), 23 minute(s), 12 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 1
Registry data items infected: 1
Folders infected: 1
Files infected: 5
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
(No malicious items detected)
Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oMaNKFWcCnXLENt (Trojan.FakeAlert) -> Value: oMaNKFWcCnXLENt -> Quarantined and deleted successfully.
Registry data items infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders infected:
c:\Users\Melms\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Files infected:
c:\programdata\omankfwccnxlent.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Melms\AppData\LocalLow\Sun\Java\deployment\cache\6.0\19\6a44c13-186c571b (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\34791176.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Melms\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Melms\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6336
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
14.04.2011 21:49:38
mbam-log-2011-04-14 (21-49-38).txt
Scan type: Quick scan
Objects scanned: 159030
Time elapsed: 5 minute(s), 52 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
(No malicious items detected)
Registry values infected:
(No malicious items detected)
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
(No malicious items detected)
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6459
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27.04.2011 23:31:49
mbam-log-2011-04-27 (23-31-49).txt
Scan type: Quick scan
Objects scanned: 154773
Time elapsed: 4 minute(s), 17 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 1
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
(No malicious items detected)
Registry values infected:
(No malicious items detected)
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
c:\Windows\System32\spool\prtprocs\w32x86\7352869.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6459
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
28.04.2011 08:29:08
mbam-log-2011-04-28 (08-29-08).txt
Scan type: Quick scan
Objects scanned: 154831
Time elapsed: 5 minute(s), 4 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
(No malicious items detected)
Registry values infected:
(No malicious items detected)
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
(No malicious items detected)
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6459
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
28.04.2011 19:50:11
mbam-log-2011-04-28 (19-50-11).txt
Scan type: Quick scan
Objects scanned: 155344
Time elapsed: 5 minute(s), 18 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
(No malicious items detected)
Registry values infected:
(No malicious items detected)
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
(No malicious items detected)
Code:
OTL logfile created on: 28.04.2011 08:17:53 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melms\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 443,13 Gb Total Space | 313,72 Gb Free Space | 70,80% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Unable to calculate disk information.
Drive N: | 232,83 Gb Total Space | 108,88 Gb Free Space | 46,77% Space Free | Partition Type: FAT32

Computer Name: MELMS-PC | User Name: Melms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.20 23:43:35 | 013,007,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\windows-kb890830-v3.18.exe
PRC - [2011.04.18 15:46:44 | 000,079,304 | ---- | M] (Microsoft Corporation) -- c:\ecebd7d2dd50074cfa1593d09b\mrtstub.exe
PRC - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.03.21 07:49:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.11.12 19:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\java.exe
PRC - [2010.11.03 09:32:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.06.18 19:38:22 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010.06.13 13:54:52 | 004,574,208 | ---- | M] (Shareaza Development Team) -- C:\Programme\Shareaza\Shareaza.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.03.22 12:50:18 | 000,219,976 | ---- | M] () -- C:\Programme\BumpTop\TexHelper.exe
PRC - [2010.03.22 12:49:58 | 007,162,184 | ---- | M] () -- C:\Programme\BumpTop\BumpTop.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.11.04 11:06:36 | 001,105,920 | ---- | M] (TerraTec Electronic GmbH) -- C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.09.11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007.07.11 18:18:54 | 000,237,568 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2007.03.22 11:09:18 | 000,132,704 | ---- | M] (ashampoo Technology GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\defragMonitorService.exe
PRC - [2007.03.22 11:09:16 | 004,540,120 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
PRC - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
PRC - [2007.03.22 11:09:16 | 000,079,456 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
PRC - [2006.07.09 21:58:00 | 001,777,664 | ---- | M] (Idea2) -- C:\Programme\Desktop Sidebar\dsidebar.exe
PRC - [2005.03.08 12:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2004.12.09 13:14:34 | 001,068,032 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe
PRC - [2004.12.01 14:20:28 | 000,456,192 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2004.11.25 13:59:06 | 000,143,360 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe
PRC - [2004.11.24 13:29:38 | 000,880,640 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2004.11.16 12:55:16 | 000,089,088 | ---- | M] (Nokia.) -- C:\Programme\Common Files\PCSuite\Services\ServiceLayer.exe

========== Modules (SafeList) ==========

MOD - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.04 11:44:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -- (AshampooDefragService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)

========== Driver Services (SafeList) ==========

DRV - [2011.03.20 11:42:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 23:55:16 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.13 22:49:42 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2010.08.14 17:59:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.08.14 17:59:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.11.20 13:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009.11.20 13:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.05 03:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.05.02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.05.11 16:17:25 | 000,221,184 | ---- | M] (TerraTec Electronic GmbH.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Cinergy_HT_PCI_MKII.sys -- (Cinergy_HT_PCI_MKII) Cinergy HT PCI (MKII)
DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 13 EE 64 48 11 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.2.06
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.18 21:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.18 21:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.21 07:49:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.19 11:55:34 | 000,000,000 | ---D | M]

[2010.06.26 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Extensions
[2011.04.15 23:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions
[2011.02.04 09:34:03 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.01.14 09:29:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2011.03.12 09:14:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.02.19 16:23:41 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\FirefoxAddon@similarWeb.com
[2011.03.27 11:05:20 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\toolbar@ask.com
[2011.04.25 23:21:55 | 000,001,056 | ---- | M] () -- C:\Users\Melms\AppData\Roaming\Mozilla\Firefox\Profiles\xsdvpeay.default\searchplugins\icqplugin.xml
[2011.03.19 11:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.03.21 07:49:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.21 17:10:13 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Programme\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe (Nokia)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
O4 - HKCU..\Run: [SIDEBAR] C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2)
O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TV-Browser.url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell\AutoRun\command - "" = F:\EasySuite.exe
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell\AutoRun\command - "" = K:\autorun.exe de
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.28 08:17:32 | 000,000,000 | ---D | C] -- C:\ecebd7d2dd50074cfa1593d09b
[2011.04.22 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Need for Speed World
[2011.04.22 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Local\Electronic_Arts_Inc
[2011.04.18 19:48:41 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2011.04.11 21:18:53 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Malwarebytes
[2011.04.11 21:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.11 21:18:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.11 21:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.11 21:18:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.11 21:17:26 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Melms\Desktop\herbert.exe
[2011.04.11 20:21:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
[2011.04.10 15:32:20 | 000,000,000 | ---D | C] -- C:\Programme\Yuna Software
[2011.04.01 15:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.04.01 15:03:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4
[2011.04.01 13:20:30 | 000,026,176 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi
[2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.03.29 09:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2011.03.29 09:55:12 | 000,053,760 | R--- | C] (AVM GmbH) -- C:\Windows\System32\avmadd32.dll
[2010.10.11 21:12:07 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.28 08:20:48 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 08:20:48 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 08:19:41 | 000,668,302 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.28 08:19:41 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.28 08:19:41 | 000,134,150 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.28 08:19:41 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.28 08:19:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.28 08:13:34 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 08:13:30 | 000,067,584 | --S- | M] () --
C:\Windows\bootstat.dat [2011.04.28 08:13:19 | 1610,309,632 | -HS- | M] () -- C:\hiberfil.sys [2011.04.27 21:58:56 | 000,010,610 | ---- | M] () -- C:\Users\Melms\Desktop\schafe.png [2011.04.27 21:34:00 | 000,014,591 | ---- | M] () -- C:\Users\Melms\Desktop\7lx41k8ykeq.png [2011.04.25 20:56:50 | 005,722,575 | ---- | M] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf [2011.04.22 17:16:39 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2011.04.21 18:58:11 | 000,293,488 | ---- | M] () -- C:\Users\Melms\Desktop\driving-at-night-1280x960.jpg [2011.04.16 22:50:30 | 000,000,381 | ---- | M] () -- C:\Windows\BeatBox.INI [2011.04.16 22:50:30 | 000,000,028 | ---- | M] () -- C:\Windows\Robota.INI [2011.04.15 20:14:58 | 000,334,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.12 18:00:16 | 000,025,336 | ---- | M] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf [2011.04.11 22:59:52 | 000,504,657 | ---- | M] () -- C:\Users\Melms\Desktop\unhide.exe [2011.04.11 21:18:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.11 21:17:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Melms\Desktop\herbert.exe [2011.04.11 21:10:03 | 320,021,172 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.11 21:07:59 | 001,006,778 | ---- | M] () -- C:\Users\Melms\Desktop\iExplorer.exe.com [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe [2011.04.11 20:08:44 | 000,000,392 | ---- | M] () -- C:\ProgramData\34791176 [2011.04.11 20:06:52 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34791176r [2011.04.11 20:06:52 | 000,000,104 | ---- | M] () -- C:\ProgramData\~34791176 [2011.04.02 18:44:40 | 000,420,467 | ---- | M] () -- C:\Users\Melms\Desktop\image.png [2011.03.30 21:39:07 | 000,001,236 | ---- | M] () -- C:\Users\Melms\Desktop\Eigene Dateien.lnk [2011.03.30 21:38:54 | 000,000,798 | ---- | M] () -- 
C:\Users\Melms\Desktop\mircG5.0.exe - Verknüpfung.lnk [2011.03.29 09:56:06 | 000,000,994 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 21:58:56 | 000,010,610 | ---- | C] () -- C:\Users\Melms\Desktop\schafe.png [2011.04.27 21:33:54 | 000,014,591 | ---- | C] () -- C:\Users\Melms\Desktop\7lx41k8ykeq.png [2011.04.25 20:56:38 | 005,722,575 | ---- | C] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf [2011.04.22 17:16:39 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2011.04.21 18:58:00 | 000,293,488 | ---- | C] () -- C:\Users\Melms\Desktop\driving-at-night-1280x960.jpg [2011.04.12 18:00:15 | 000,025,336 | ---- | C] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf [2011.04.11 22:59:53 | 000,504,657 | ---- | C] () -- C:\Users\Melms\Desktop\unhide.exe [2011.04.11 21:18:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.11 21:10:03 | 320,021,172 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.04.11 21:07:56 | 001,006,778 | ---- | C] () -- C:\Users\Melms\Desktop\iExplorer.exe.com [2011.04.11 20:02:31 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34791176r [2011.04.11 20:02:30 | 000,000,104 | ---- | C] () -- C:\ProgramData\~34791176 [2011.04.11 20:02:28 | 000,000,392 | ---- | C] () -- C:\ProgramData\34791176 [2011.04.02 18:44:38 | 000,420,467 | ---- | C] () -- C:\Users\Melms\Desktop\image.png [2011.03.20 20:48:15 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2011.02.27 01:45:09 | 000,000,381 | ---- | C] () -- C:\Windows\BeatBox.INI [2011.02.27 01:45:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2011.02.27 00:58:31 | 000,124,596 | ---- | C] () -- C:\Windows\System32\mlfcache.dat [2011.02.05 20:09:24 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys 
[2011.02.05 20:09:18 | 000,139,152 | ---- | C] () -- C:\Users\Melms\AppData\Roaming\PnkBstrK.sys [2011.02.05 20:08:43 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.02.05 20:08:40 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2011.02.05 20:08:40 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.02.03 21:56:57 | 000,000,019 | ---- | C] () -- C:\Windows\SoundConverter.INI [2010.12.29 21:00:43 | 000,000,180 | ---- | C] () -- C:\Windows\System32\msftpd.exe [2010.12.19 20:34:53 | 000,000,221 | ---- | C] () -- C:\Windows\SOFTEK.INI [2010.10.19 17:18:19 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini [2010.10.15 21:00:00 | 000,006,656 | ---- | C] () -- C:\Users\Melms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.11 21:12:07 | 000,237,568 | ---- | C] () -- C:\Windows\tsnp2uvc.exe [2010.08.28 19:41:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2010.08.28 19:34:40 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.08.28 19:34:13 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.08.14 17:26:47 | 000,007,597 | ---- | C] () -- C:\Users\Melms\AppData\Local\Resmon.ResmonCfg [2010.08.14 17:14:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.08.14 17:14:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.07.27 13:00:39 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat [2010.07.04 11:29:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- 
C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.14 10:47:43 | 000,668,302 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,134,150 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,334,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,619,894 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,110,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.07.20 15:35:15 | 000,000,000 | ---D | M] -- 
C:\Users\Melms\AppData\Roaming\#Company short name [2011.01.23 20:41:11 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Aston [2011.01.23 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Bump Technologies, Inc [2011.04.27 23:35:21 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Desktop Sidebar [2010.12.29 14:42:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FileZilla [2010.06.21 17:10:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit [2010.10.09 10:25:23 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit Software [2011.03.13 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FRITZ! [2011.04.27 23:19:21 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\ICQ [2010.11.14 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Jasc [2010.08.29 13:58:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Lern-o-Mat [2010.08.28 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\MAGIX [2011.04.22 17:45:07 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Need for Speed World [2011.02.21 23:21:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Nokia Multimedia Player [2010.07.04 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\OpenOffice.org [2011.02.21 23:18:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\PC Suite [2011.02.16 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Shareaza [2010.06.26 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra [2010.06.26 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra Entertainment [2010.06.27 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Subversion [2010.06.26 18:59:17 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TerraTec [2010.10.31 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Tokback 
[2011.04.28 08:13:44 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2011.02.16 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\wargaming.net
[2011.03.25 15:10:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 16 bytes -> C:\Users\Melms\Downloads:Shareaza.GUID
< End of report >

OTL logfile created on: 28.04.2011 21:27:50 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Melms\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 1,00 Gb Available in Paging File | 36,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 443,13 Gb Total Space | 312,99 Gb Free Space | 70,63% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Unable to calculate disk information.
Drive N: | 232,83 Gb Total Space | 108,88 Gb Free Space | 46,77% Space Free | Partition Type: FAT32
Computer Name: MELMS-PC | User Name: Melms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
PRC - [2011.04.01 15:04:02 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.4\ICQ.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.)
-- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.03.21 07:49:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.09 12:47:04 | 001,595,744 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winamp.exe PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2010.11.12 19:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\java.exe PRC - [2010.11.03 09:32:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.09.01 06:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe PRC - [2010.06.18 19:38:22 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe PRC - [2010.06.13 13:54:52 | 004,574,208 | ---- | M] (Shareaza Development Team) -- C:\Programme\Shareaza\Shareaza.exe PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2010.05.14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Common Files\Java\Java Update\jucheck.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.04.16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe PRC - [2010.03.22 12:50:18 | 000,219,976 | ---- | M] () -- C:\Programme\BumpTop\TexHelper.exe PRC - [2010.03.22 12:49:58 | 007,162,184 | ---- | M] () -- C:\Programme\BumpTop\BumpTop.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2008.11.04 11:26:04 | 006,209,536 | ---- | M] (TerraTec Electronic GmbH) -- C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe PRC - [2008.11.04 11:06:36 | 001,105,920 | ---- | M] (TerraTec Electronic GmbH) -- C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe PRC - [2007.11.01 20:57:24 | 002,756,096 | ---- | M] (mIRC Co. Ltd.) 
-- N:\[G]Script50\mircG5.0.exe PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe PRC - [2007.09.11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe PRC - [2007.07.11 18:18:54 | 000,237,568 | ---- | M] () -- C:\Windows\tsnp2uvc.exe PRC - [2007.03.22 11:09:16 | 004,540,120 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe PRC - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe PRC - [2006.07.09 21:58:00 | 001,777,664 | ---- | M] (Idea2) -- C:\Programme\Desktop Sidebar\dsidebar.exe PRC - [2005.03.08 12:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe PRC - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE PRC - [2004.12.09 13:14:34 | 001,068,032 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe PRC - [2004.12.01 14:20:28 | 000,456,192 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe PRC - [2004.11.25 13:59:06 | 000,143,360 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe PRC - [2004.11.24 13:29:38 | 000,880,640 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe PRC - [2004.11.16 12:55:16 | 000,089,088 | ---- | M] (Nokia.) 
-- C:\Programme\Common Files\PCSuite\Services\ServiceLayer.exe ========== Modules (SafeList) ========== MOD - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.12.21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.07.04 11:44:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -- (AshampooDefragService) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv) SRV - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) ========== Driver Services (SafeList) ========== DRV - [2011.03.20 11:42:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.22 23:55:16 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.10.13 22:49:42 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt) DRV - [2010.08.14 17:59:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.08.14 17:59:32 | 000,025,888 | ---- | M] () [Kernel | Auto | 
Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.11.20 13:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2009.11.20 13:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.05 03:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.05.02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007.05.11 16:17:25 | 000,221,184 | ---- | M] (TerraTec Electronic GmbH.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Cinergy_HT_PCI_MKII.sys -- (Cinergy_HT_PCI_MKII) Cinergy HT PCI (MKII) DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. 
File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 13 EE 64 48 11 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.2.06 FF - 
prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.18 21:07:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.18 21:07:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.21 07:49:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.19 11:55:34 | 000,000,000 | ---D | M] [2010.06.26 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Extensions [2011.04.15 23:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions [2011.02.04 09:34:03 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.01.14 09:29:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2011.03.12 09:14:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.02.19 16:23:41 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\FirefoxAddon@similarWeb.com 
[2011.03.27 11:05:20 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\toolbar@ask.com [2011.04.25 23:21:55 | 000,001,056 | ---- | M] () -- C:\Users\Melms\AppData\Roaming\Mozilla\Firefox\Profiles\xsdvpeay.default\searchplugins\icqplugin.xml [2011.03.19 11:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} () (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI () (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI [2011.03.21 07:49:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.21 17:10:13 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Programme\Shareaza\RazaWebHook32.dll (Shareaza Development Team) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe (Nokia) O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) 
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) O4 - HKCU..\Run: [SIDEBAR] C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2) O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TV-Browser.url () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team) O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2) O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell - "" = AutoRun O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell\AutoRun\command - "" = F:\EasySuite.exe O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell - "" = AutoRun O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell\AutoRun\command - "" = K:\autorun.exe de O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.22 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Need for Speed World [2011.04.22 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Local\Electronic_Arts_Inc [2011.04.18 19:48:41 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\TV-Browser [2011.04.11 21:18:53 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Malwarebytes [2011.04.11 21:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.11 21:18:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.11 21:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.11 21:18:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.11 21:17:26 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Melms\Desktop\herbert.exe [2011.04.11 20:21:31 | 000,580,608 | ---- | C] (OldTimer 
Tools) -- C:\Users\Melms\Desktop\OTL.exe [2011.04.10 15:32:20 | 000,000,000 | ---D | C] -- C:\Programme\Yuna Software [2011.04.01 15:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4 [2011.04.01 15:03:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4 [2011.04.01 13:20:30 | 000,026,176 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys [2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi [2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2010.10.11 21:12:07 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.28 21:24:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.28 18:24:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.28 18:00:46 | 000,668,302 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.28 18:00:46 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.28 18:00:46 | 000,134,150 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.28 18:00:46 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.28 17:59:57 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 17:59:57 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 17:54:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.28 17:54:22 | 1610,309,632 | -HS- | M] () -- C:\hiberfil.sys [2011.04.25 20:56:50 | 005,722,575 | ---- | M] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf [2011.04.22 17:16:39 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2011.04.16 
22:50:30 | 000,000,381 | ---- | M] () -- C:\Windows\BeatBox.INI [2011.04.16 22:50:30 | 000,000,028 | ---- | M] () -- C:\Windows\Robota.INI [2011.04.15 20:14:58 | 000,334,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.12 18:00:16 | 000,025,336 | ---- | M] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf [2011.04.11 22:59:52 | 000,504,657 | ---- | M] () -- C:\Users\Melms\Desktop\unhide.exe [2011.04.11 21:18:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.11 21:17:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Melms\Desktop\herbert.exe [2011.04.11 21:10:03 | 320,021,172 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.11 21:07:59 | 001,006,778 | ---- | M] () -- C:\Users\Melms\Desktop\iExplorer.exe.com [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe [2011.04.11 20:08:44 | 000,000,392 | ---- | M] () -- C:\ProgramData\34791176 [2011.04.11 20:06:52 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34791176r [2011.04.11 20:06:52 | 000,000,104 | ---- | M] () -- C:\ProgramData\~34791176 [2011.04.02 18:44:40 | 000,420,467 | ---- | M] () -- C:\Users\Melms\Desktop\image.png [2011.03.30 21:39:07 | 000,001,236 | ---- | M] () -- C:\Users\Melms\Desktop\Eigene Dateien.lnk [2011.03.30 21:38:54 | 000,000,798 | ---- | M] () -- C:\Users\Melms\Desktop\mircG5.0.exe - Verknüpfung.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.25 20:56:38 | 005,722,575 | ---- | C] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf [2011.04.22 17:16:39 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2011.04.12 18:00:15 | 000,025,336 | ---- | C] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf [2011.04.11 22:59:53 | 000,504,657 | ---- | C] () -- C:\Users\Melms\Desktop\unhide.exe [2011.04.11 21:18:49 | 000,001,071 | ---- | C] () -- 
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.11 21:10:03 | 320,021,172 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.04.11 21:07:56 | 001,006,778 | ---- | C] () -- C:\Users\Melms\Desktop\iExplorer.exe.com [2011.04.11 20:02:31 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34791176r [2011.04.11 20:02:30 | 000,000,104 | ---- | C] () -- C:\ProgramData\~34791176 [2011.04.11 20:02:28 | 000,000,392 | ---- | C] () -- C:\ProgramData\34791176 [2011.04.02 18:44:38 | 000,420,467 | ---- | C] () -- C:\Users\Melms\Desktop\image.png [2011.03.20 20:48:15 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2011.02.27 01:45:09 | 000,000,381 | ---- | C] () -- C:\Windows\BeatBox.INI [2011.02.27 01:45:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2011.02.27 00:58:31 | 000,124,596 | ---- | C] () -- C:\Windows\System32\mlfcache.dat [2011.02.05 20:09:24 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.02.05 20:09:18 | 000,139,152 | ---- | C] () -- C:\Users\Melms\AppData\Roaming\PnkBstrK.sys [2011.02.05 20:08:43 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.02.05 20:08:40 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2011.02.05 20:08:40 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.02.03 21:56:57 | 000,000,019 | ---- | C] () -- C:\Windows\SoundConverter.INI [2010.12.29 21:00:43 | 000,000,180 | ---- | C] () -- C:\Windows\System32\msftpd.exe [2010.12.19 20:34:53 | 000,000,221 | ---- | C] () -- C:\Windows\SOFTEK.INI [2010.10.19 17:18:19 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini [2010.10.15 21:00:00 | 000,006,656 | ---- | C] () -- C:\Users\Melms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.11 21:12:07 | 000,237,568 | ---- | C] () -- C:\Windows\tsnp2uvc.exe [2010.08.28 19:41:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2010.08.28 19:34:40 | 000,120,200 | ---- | C] () -- 
C:\Windows\System32\DLLDEV32i.dll [2010.08.28 19:34:13 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.08.14 17:26:47 | 000,007,597 | ---- | C] () -- C:\Users\Melms\AppData\Local\Resmon.ResmonCfg [2010.08.14 17:14:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.08.14 17:14:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.07.27 13:00:39 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat [2010.07.04 11:29:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.14 10:47:43 | 000,668,302 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,134,150 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,334,200 | ---- | C] () -- 
C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,619,894 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,110,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.07.20 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\#Company short name [2011.01.23 20:41:11 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Aston [2011.01.23 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Bump Technologies, Inc [2011.04.28 08:46:03 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Desktop Sidebar [2010.12.29 14:42:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FileZilla [2010.06.21 17:10:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit [2010.10.09 10:25:23 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit Software [2011.03.13 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FRITZ! 
[2011.04.28 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\ICQ [2010.11.14 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Jasc [2010.08.29 13:58:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Lern-o-Mat [2010.08.28 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\MAGIX [2011.04.22 17:45:07 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Need for Speed World [2011.02.21 23:21:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Nokia Multimedia Player [2010.07.04 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\OpenOffice.org [2011.02.21 23:18:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\PC Suite [2011.02.16 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Shareaza [2010.06.26 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra [2010.06.26 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra Entertainment [2010.06.27 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Subversion [2010.06.26 18:59:17 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TerraTec [2010.10.31 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Tokback [2011.04.28 21:14:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TV-Browser [2011.02.16 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\wargaming.net [2011.03.25 15:10:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\Melms\Downloads:Shareaza.GUID < End of report > |
#2
/// Winkelfunktion /// TB-Süch-Tiger™: The scans are already a bit old. Please update Malwarebytes and run a new full scan.
#3
Here is the fresh log:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6519
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
06.05.2011 15:01:26
mbam-log-2011-05-06 (15-01-26).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|N:\|)
Durchsuchte Objekte: 458406
Laufzeit: 1 Stunde(n), 25 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
#4
/// Winkelfunktion /// TB-Süch-Tiger™: Quote:
__________________ Please always post logfiles in CODE tags
#5
If I remember correctly, deleted - possibly overwritten by the 2nd log ...
#6
/// Winkelfunktion /// TB-Süch-Tiger™: Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell\AutoRun\command - "" = F:\EasySuite.exe
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell\AutoRun\command - "" = K:\autorun.exe de
[2011.04.11 20:08:44 | 000,000,392 | ---- | M] () -- C:\ProgramData\34791176
[2011.04.11 20:06:52 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34791176r
[2011.04.11 20:06:52 | 000,000,104 | ---- | M] () -- C:\ProgramData\~34791176
@Alternate Data Stream - 16 bytes -> C:\Users\Melms\Downloads:Shareaza.GUID
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.
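As an added example (not code from this thread, from OTL or from Malwarebytes), the script below shows what a fix script like the one above actually targets: it parses the O32 (CD-ROM AutoRun), O33 (MountPoints2 AutoRun handlers), O6 (UAC policy) and O4 (Run keys) line shapes that OTL writes and reports the entries a helper would want to look at, including the UAC values the log shows set to 0. The sample lines are copied from the OTL log posted earlier in this thread; the category names and severity labels are the author's own assumptions, not OTL ratings.

```python
"""Triage of OTL log lines for AutoRun handlers and weak UAC policy.

Added example: this is not code from the thread, from OTL or from
Malwarebytes. It recognises the O4 / O6 / O32 / O33 line shapes that OTL
writes and reports the ones a fix script like the one above removes, plus
the UAC policy values that the log shows set to 0.
"""
import re
import sys
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell\AutoRun\command - "" = F:\EasySuite.exe
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell\AutoRun\command - "" = K:\autorun.exe de
"""


@dataclass(frozen=True)
class Finding:
    kind: str       # short category name (author's assumption, not an OTL term)
    severity: str   # "high" / "medium" / "low" (author's assumption)
    detail: str     # the evidence, taken from the log line


# Line shapes as OTL prints them (see the log above).
_O4 = re.compile(r'^O4 - (?:HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<vendor>[^)]*)\)$')
_O6 = re.compile(r'^O6 - .*\\policies\\System: (?P<key>\w+) = (?P<val>\d+)$')
_O32 = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<val>\d+)$')
_O33 = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')

# UAC policy values that weaken protection when set to 0 (0 = off / no prompt).
_UAC_WEAK = {
    "EnableLUA": ("uac_disabled", "high"),
    "ConsentPromptBehaviorAdmin": ("uac_admin_no_prompt", "medium"),
    "PromptOnSecureDesktop": ("uac_no_secure_desktop", "low"),
}


def triage(log_text: str) -> list[Finding]:
    """Return the findings for every recognised line in an OTL-style log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := _O4.match(line)):
            # Autostart entry with no publisher that lives directly in the Windows directory.
            if not m["vendor"].strip() and m["path"].lower().startswith("c:\\windows\\"):
                findings.append(Finding("unsigned_autostart_in_windows_dir", "medium", line))
        elif (m := _O6.match(line)):
            if m["key"] in _UAC_WEAK and m["val"] == "0":
                kind, severity = _UAC_WEAK[m["key"]]
                findings.append(Finding(kind, severity, line))
        elif (m := _O32.match(line)):
            if m["val"] != "0":
                findings.append(Finding("cdrom_autorun_enabled", "low", line))
        elif (m := _O33.match(line)):
            # A per-volume AutoRun handler: the command runs when that volume is opened.
            findings.append(Finding("mountpoint_autorun_handler", "medium", f'{m["guid"]} -> {m["cmd"]}'))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    # Pass a saved OTL log (UTF-8) as the first argument, otherwise the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    found = triage(text)
    for f in found:
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
    print("summary:", summarize(found))
```

Run against the sample, the script reports the two MountPoints2 AutoRun commands and the CD-ROM AutoRun value that the fix script above removes, the three UAC policy values at 0, and the autostart in C:\Windows with an empty publisher field; the Avira entry with a named publisher is not reported.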
#7
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\ not found.
File F:\EasySuite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2133406-85c9-11df-916f-6cf049e2f3ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2133406-85c9-11df-916f-6cf049e2f3ee}\ not found.
File K:\autorun.exe de not found.
C:\ProgramData\34791176 moved successfully.
C:\ProgramData\~34791176r moved successfully.
C:\ProgramData\~34791176 moved successfully.
Unable to delete ADS C:\Users\Melms\Downloads:Shareaza.GUID .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Melms
->Temp folder emptied: 3251542807 bytes
->Temporary Internet Files folder emptied: 40645649 bytes
->Java cache emptied: 476687 bytes
->FireFox cache emptied: 103188202 bytes
->Flash cache emptied: 137944 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9537682 bytes
RecycleBin emptied: 11407047629 bytes
Total Files Cleaned = 14.126,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05062011_221746
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
#8
/// Winkelfunktion /// TB-Süch-Tiger™: Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection prevents you from accessing your documents/My Documents, please run unhide: Please download unhide.exe and save this file to your desktop. Start the tool, and all files and folders should be visible again. (Could take a while)
#9
Starting the .exe is not possible. After double-clicking TDSSKiller.exe, the usual Windows confirmation prompt appears. After clicking "Run", however, nothing further happens. Nothing happens with "Run as administrator" either.
#10
/// Winkelfunktion /// TB-Süch-Tiger™: Then please run CF now, and try tdsskiller again afterwards. ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it!
#11
Code:
ComboFix 11-05-07.02 - Melms 08.05.2011 15:52:28.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2048.1190 [GMT 2:00]
ausgeführt von:: c:\users\Melms\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\bassmod.dll
c:\program files\INSTALL.LOG
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-08 bis 2011-05-08 ))))))))))))))))))))))))))))))
.
.
2011-05-08 13:58 . 2011-05-08 13:59 -------- d-----w- c:\users\Melms\AppData\Local\temp
2011-05-08 13:58 . 2011-05-08 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-07 05:53 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B438D3AE-3519-44F5-80FE-5157D9320E45}\mpengine.dll
2011-05-06 20:20 . 2011-05-06 20:31 -------- d-----w- c:\users\Melms\AppData\Roaming\Nokia
2011-05-06 20:20 . 2011-05-06 20:20 -------- d-----w- c:\users\Melms\AppData\Roaming\PC Suite
2011-05-06 20:20 . 2011-05-06 20:20 -------- d-----w- c:\programdata\PC Suite
2011-05-06 20:17 . 2011-05-06 20:17 -------- d-----w- C:\_OTL
2011-05-06 20:04 . 2011-05-06 20:04 -------- d-----w- c:\program files\Common Files\PCSuite
2011-05-06 20:04 . 2011-05-06 20:04 -------- d-----w- c:\program files\Common Files\Nokia
2011-05-06 20:03 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-05-06 20:03 . 2011-05-06 20:03 -------- d-----w- c:\program files\PC Connectivity Solution
2011-05-06 20:00 . 2011-05-06 20:00 -------- d-----w- c:\programdata\Installations
2011-05-05 16:55 . 2011-05-05 16:55 -------- d-----w- c:\users\Melms\AppData\Local\FT Software Updates
2011-05-03 18:06 . 2011-05-03 18:06 -------- d-----w- c:\program files\iPod
2011-05-03 18:06 . 2011-05-03 18:07 -------- d-----w- c:\program files\iTunes
2011-05-03 18:04 . 2011-05-03 18:04 -------- d-----w- c:\program files\Bonjour
2011-05-03 18:02 . 2011-05-03 18:02 -------- d-----w- c:\program files\Common Files\Java
2011-04-27 15:55 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 15:55 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 15:55 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 15:55 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 15:55 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 15:55 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 15:55 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 15:55 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 15:55 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 15:55 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 15:55 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 15:55 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-22 15:45 . 2011-04-22 15:45 -------- d-----w- c:\users\Melms\AppData\Roaming\Need for Speed World
2011-04-22 15:16 . 2011-04-22 15:16 -------- d-----w- c:\users\Melms\AppData\Local\Electronic_Arts_Inc
2011-04-18 17:48 . 2011-05-08 13:36 -------- d-----w- c:\users\Melms\AppData\Roaming\TV-Browser
2011-04-14 15:53 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 15:53 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 15:53 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 15:53 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 15:53 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 15:53 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-11 19:18 . 2011-04-11 19:18 -------- d-----w- c:\users\Melms\AppData\Roaming\Malwarebytes
2011-04-11 19:18 . 2011-04-11 19:18 -------- d-----w- c:\programdata\Malwarebytes
2011-04-11 19:18 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 19:18 . 2011-04-11 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-10 13:32 . 2011-04-10 13:32 -------- d-----w- c:\program files\Yuna Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 18:15 . 2010-08-25 21:20 1152832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-14 15:57 . 2011-01-13 19:12 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-14 15:57 . 2011-01-13 19:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-14 03:07 . 2010-07-17 07:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-29 18:51 . 2010-06-26 13:27 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-29 18:51 . 2010-06-26 13:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-22 15:07 . 2011-03-20 18:48 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-03-20 09:42 . 2010-07-21 19:13 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 07:29 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 07:29 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 07:29 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-17 12:45 . 2011-02-17 12:45 586 ----a-w- C:\cc_20110217_134503.reg
2011-02-17 12:44 . 2011-02-17 12:44 41290 ----a-w- C:\cc_20110217_134408.reg
2011-04-14 16:40 . 2011-05-04 15:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2008-11-04 1105920]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-06-13 4574208]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-07-11 237568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
.
c:\users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
TV-Browser.url [2011-1-29 164]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ashampoo Magical Defrag.lnk - c:\program files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe [2010-7-21 4540120]
FRITZ!DSL Startcenter.lnk - c:\program files\FRITZ!DSL\StCenter.exe [2011-2-17 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 23:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NowWatching]
2010-10-31 12:46 280064 ----a-w- c:\users\Melms\AppData\Roaming\Tokback\NowWatching\2.2.0.0\NowWatching.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S3 Cinergy_HT_PCI_MKII;Cinergy HT PCI (MKII) service;c:\windows\system32\DRIVERS\Cinergy_HT_PCI_MKII.sys [2007-05-11 221184]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 58880]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 137728]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 22:13]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 22:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Melms\AppData\Roaming\Mozilla\Firefox\Profiles\xsdvpeay.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
AddRemove-Project Reality_is1 - c:\program files\EA GAMES\Battlefield 2\unins000.exe
AddRemove-FileZilla Client - c:\program files\FileZilla FTP Client\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-08 16:01:01
ComboFix-quarantined-files.txt 2011-05-08 14:01
.
Pre-Run: 11 directory(ies), 358,527,016,960 bytes free
Post-Run: 13 directory(ies), 358,582,726,656 bytes free
.
- - End Of File - - 875F60F54CE20DB067A642DE08F66B20
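The policy block in the log above reports EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, which means User Account Control is switched off on this machine, and the Firefox section shows keyword.URL pointing at search.icq.com while the selected search engine is Google. The script below is an added example, not ComboFix's own code and not part of the helper's instructions: it parses those parts of the ComboFix log format and turns them into a review list. SAMPLE is a constructed excerpt in that format; the UAC baseline (the Windows 7 defaults) and the list of trusted install locations are the script's own assumptions.

```python
"""Triage of the UAC policy block, autostart entries and Firefox prefs in a ComboFix log.

Added example for this thread, not ComboFix's own code or the forum helper's
procedure.  SAMPLE is a constructed excerpt in the log format shown above;
the secure baseline (Windows 7 defaults) and the "trusted location" prefixes
are this script's assumptions, and what it flags is a review list, not a verdict.
"""
import re
from urllib.parse import urlsplit

# Constructed excerpt; the lines follow the format of the log above.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-06-13 4574208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-07-11 237568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NowWatching]
2010-10-31 12:46 280064 ----a-w- c:\users\Melms\AppData\Roaming\Tokback\NowWatching\2.2.0.0\NowWatching.exe
.
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[\d{4}-\d{2}-\d{2}\s+\d+\]$')
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)$')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")

# Assumed secure baseline: the documented Windows 7 defaults for these values.
UAC_BASELINE = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
# Assumed "expected" locations for autostart binaries; anything else is listed for review.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\system32\\")


def parse_combofix(text):
    """Return (autostart entries, UAC policy values, Firefox prefs) from log text."""
    autostarts, policies, ff_prefs = [], {}, {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and key.lower().endswith("\\policies\\system") and (m := POLICY_RE.match(line)):
            policies[m.group(1)] = int(m.group(2))
        elif key and (m := RUN_RE.match(line)):
            autostarts.append({"key": key, "name": m.group(1), "path": m.group(2).lower()})
        elif key and "startupreg" in key.lower() and (m := FILE_RE.match(line)):
            autostarts.append({"key": key, "name": key.rsplit("\\", 1)[1], "path": m.group(1).lower()})
        elif m := FF_RE.match(line):
            ff_prefs[m.group(1)] = m.group(2)
    return autostarts, policies, ff_prefs


def uac_findings(policies):
    """UAC values that differ from the assumed baseline, as readable strings."""
    return [f"{name}={policies[name]} (expected {want})"
            for name, want in UAC_BASELINE.items()
            if name in policies and policies[name] != want]


def unusual_autostarts(autostarts):
    """Names of autostarts whose binary sits outside the assumed trusted prefixes."""
    return [e["name"] for e in autostarts if not e["path"].startswith(TRUSTED_PREFIXES)]


def keyword_url_host(ff_prefs):
    """Host that Firefox address-bar searches (keyword.URL) are sent to, or None."""
    url = ff_prefs.get("keyword.URL")
    if not url:
        return None
    # ComboFix defangs URLs as hxxp://; restore the scheme so urlsplit sees a host.
    return urlsplit(url.replace("hxxp://", "http://", 1)).hostname


if __name__ == "__main__":
    autostarts, policies, ff_prefs = parse_combofix(SAMPLE)
    print("UAC:", uac_findings(policies) or "at baseline")
    print("Autostarts to review:", unusual_autostarts(autostarts))
    print("keyword.URL host:", keyword_url_host(ff_prefs),
          "| selected engine:", ff_prefs.get("browser.search.selectedEngine"))
```

Run as-is it lists the three UAC deviations, the two autostarts outside the assumed locations (tsnp2uvc.exe directly in c:\windows, NowWatching.exe under AppData) and the keyword.URL host; point parse_combofix at a complete log to get the same list for the whole file. Everything it prints is something to look at, not a judgement on the entry.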
#12
[Malware] Windows Restore removed, some problems remain
But tdsskiller still won't start.
#13
/// Winkelfunktion /// TB-Süch-Tiger™
[Malware] Windows Restore removed, some problems remain
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool will not run the second time either, just leave it out and run only OSAM - please skip the online query in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________
Please always post logfiles in CODE tags
#14
[Malware] Windows Restore removed, some problems remain
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-09 19:32:14
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD103SJ rev.1AJ10001
Running: co0xc7nu.exe; Driver: C:\Users\Melms\AppData\Local\Temp\kgloypoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C738A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C93312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.reloc C:\Windows\system32\drivers\acehlp10.sys section is executable [0x83FA4B80, 0x37FC7, 0xE0000060]
.reloc C:\Windows\system32\drivers\acedrv10.sys section is executable [0xA34B7000, 0x459C1, 0xE0000060]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA34FD300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xA3540400, 0x82482, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA35E0420] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA35E0420]
.protectÿÿÿÿhardlockunknown last code section [0xA35E0200, 0x5105, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xA35E0200, 0x5105, 0xE0000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA35E6300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[1992] WININET.dll!HttpAddRequestHeadersA 775E9ABA 5 Bytes JMP 0051164F
.text C:\Windows\Explorer.EXE[1992] WININET.dll!HttpAddRequestHeadersW 775F0848 5 Bytes JMP 00511817
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746D2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746B5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746B56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746D250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746C8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746C4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746C50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746C51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746C66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746C82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746C8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746C907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746CE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746C4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 85F641ED
Device \Driver\atapi \Device\Ide\IdePort1 85F641ED
Device \Driver\atapi \Device\Ide\IdePort2 85F641ED
Device \Driver\atapi \Device\Ide\IdePort3 85F641ED
Device \Driver\atapi \Device\Ide\IdePort4 85F641ED
Device \Driver\atapi \Device\Ide\IdePort5 85F641ED
Device \Driver\atapi \Device\Ide\IdePort6 85F641ED
Device \Driver\atapi \Device\Ide\IdePort7 85F641ED
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85F641ED
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-4 85F641ED
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5 85F641ED
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:248] 85F68E84
Thread System [4:252] 85F6B084
---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:40:28 on 09.05.2011
OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv10.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp10.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Melms\AppData\Local\Temp\catchme.sys (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"kgloypoc" (kgloypoc) - ? - C:\Users\Melms\AppData\Local\Temp\kgloypoc.sys (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"Motorola USB Modem Driver for MPT" (usbsermpt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbsermpt.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{E31004D1-A431-41B8-826F-E902F9D95C81} "Windows DreamScene" - "Microsoft Corporation" - C:\Windows\System32\DreamScene.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{F2185E5D-720E-4956-90D9-75F6AC141575} "SidebarIconHandler Class" - "Idea2" - C:\Program Files\Desktop Sidebar\sbhelp.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10p.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{45AD732C-2CE2-4666-B366-B2214AD57A49} "Subscribe in Desktop Sidebar" - "Idea2" - C:\Program Files\Desktop Sidebar\sbhelp.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - ? - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (File not found)
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - ? - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (File not found)
{45AD732C-2CE2-4666-B366-B2214AD57A49} "Idea2 SidebarBrowserMonitor Class" - "Idea2" - C:\Program Files\Desktop Sidebar\sbhelp.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{0EEDB912-C5FA-486F-8334-57288578C627} "Shareaza Web Download Hook" - "Shareaza Development Team" - C:\Program Files\Shareaza\RazaWebHook32.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
"TV-Browser.url" - ?
- C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TV-Browser.url -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Ashampoo Magical Defrag.lnk" - " " - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\StCenter.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background "PC Suite Tray" - "Nokia" - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray "Remote Control Editor" - "TerraTec Electronic GmbH" - "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe" "Shareaza" - "Shareaza Development Team" - "C:\Program Files\Shareaza\Shareaza.exe" -tray "SIDEBAR" - "Idea2" - "C:\Program Files\Desktop Sidebar\dsidebar.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "NUSB3MON" - "NEC Electronics Corporation" - "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." 
- "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "tsnp2uvc" - ? - C:\Windows\tsnp2uvc.exe "VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Ashampoo Defrag Service" (AshampooDefragService) - " " - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Program Files\Common Files\AVM\de_serv.exe "AVM IGD CTRL Service" (AVM IGD CTRL Service) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "ICQ Service" (ICQ Service) - ? 
- C:\Program Files\ICQ6Toolbar\ICQ Service.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-890XA-UD3
Logical Drives Mask: 0x00003fdc
Kernel Drivers (total 201):
0x82C3E000 \SystemRoot\system32\ntoskrnl.exe
0x82C07000 \SystemRoot\system32\halmacpi.dll
0x80BA2000 \SystemRoot\system32\kdcom.dll
0x83C06000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83C11000 \SystemRoot\system32\PSHED.dll
0x83C22000 \SystemRoot\system32\BOOTVID.dll
0x83C2A000 \SystemRoot\system32\CLFS.SYS
0x83C6C000 \SystemRoot\system32\CI.dll
0x83D17000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83D88000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83D96000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x83DDE000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x83DE7000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x83DEF000 \SystemRoot\system32\DRIVERS\pci.sys
0x83E19000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x83E24000 \SystemRoot\System32\drivers\partmgr.sys
0x83E35000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x83E45000 \SystemRoot\System32\drivers\volmgrx.sys
0x83E90000 \SystemRoot\system32\DRIVERS\pciide.sys
0x83E97000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x83EA5000 \SystemRoot\System32\drivers\mountmgr.sys
0x83EBB000 \SystemRoot\system32\DRIVERS\atapi.sys
0x83EC4000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x83EE7000 \SystemRoot\system32\DRIVERS\msahci.sys
0x83EF1000 \SystemRoot\system32\drivers\amdxata.sys
0x83EFA000 \SystemRoot\system32\drivers\fltmgr.sys
0x83F2E000 \SystemRoot\system32\drivers\fileinfo.sys
0x83F3F000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8983B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8996A000 \SystemRoot\System32\Drivers\msrpc.sys
0x89995000 \SystemRoot\System32\Drivers\ksecdd.sys
0x899A8000 \SystemRoot\System32\Drivers\cng.sys
0x89A05000 \SystemRoot\System32\drivers\pcw.sys
0x89A13000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x89A1C000 \SystemRoot\system32\drivers\ndis.sys
0x89AD3000 \SystemRoot\system32\drivers\NETIO.SYS
0x89B11000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89C1C000 \SystemRoot\System32\drivers\tcpip.sys
0x89D65000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89D96000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x89DD5000 \SystemRoot\System32\Drivers\spldr.sys
0x89DDD000 \SystemRoot\System32\drivers\rdyboost.sys
0x89E0A000 \SystemRoot\System32\Drivers\mup.sys
0x89E1A000 \SystemRoot\System32\drivers\hwpolicy.sys
0x89E22000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89E54000 \SystemRoot\system32\DRIVERS\disk.sys
0x89E65000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x89E8A000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x89EC4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x89EE3000 \SystemRoot\System32\Drivers\Null.SYS
0x89EEA000 \SystemRoot\System32\Drivers\Beep.SYS
0x89EF1000 \SystemRoot\System32\drivers\vga.sys
0x89EFD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x89F1E000 \SystemRoot\System32\drivers\watchdog.sys
0x89F2B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x89F33000 \SystemRoot\system32\drivers\rdpencdd.sys
0x89F3B000 \SystemRoot\system32\drivers\rdprefmp.sys
0x89F43000 \SystemRoot\System32\Drivers\Msfs.SYS
0x89F4E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x89F5C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x89F73000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x89F7E000 \SystemRoot\system32\drivers\afd.sys
0x89B36000 \SystemRoot\System32\DRIVERS\netbt.sys
0x89FD8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x89FDF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x89C00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x89B68000 \SystemRoot\system32\DRIVERS\serial.sys
0x89B82000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x89B95000 \SystemRoot\system32\DRIVERS\termdd.sys
0x89C0E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x89BA5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x89BE6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x89BF0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x89C14000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x89800000 \SystemRoot\System32\drivers\discache.sys
0x8980C000 \SystemRoot\System32\Drivers\dfsc.sys
0x89824000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x83F49000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x83F6F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x83F90000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x89832000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90407000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90E85000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x90E87000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90F3E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x90F77000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x90F99000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90F9B000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x83FA1000 \??\C:\Windows\system32\drivers\acehlp10.sys
0x90FC6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90FCC000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x99416000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x99461000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x99470000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9948F000 \SystemRoot\system32\DRIVERS\Cinergy_HT_PCI_MKII.sys
0x994C5000 \SystemRoot\system32\DRIVERS\ks.sys
0x994F9000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x994FC000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x99528000 \SystemRoot\system32\DRIVERS\serenum.sys
0x99532000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9953F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x99551000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x99569000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x99574000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x99596000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x995AE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x995C5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x995E1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x995EE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x995FB000 \SystemRoot\system32\DRIVERS\VClone.sys
0x99606000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x9962C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9962E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9963C000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x9964B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9968F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8200F000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x82318000 \SystemRoot\system32\drivers\portcls.sys
0x82347000 \SystemRoot\system32\drivers\drmk.sys
0x82360000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x82377000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8238E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x82399000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x823AC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x823B3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x823BF000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
0x823C8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x98490000 \SystemRoot\System32\win32k.sys
0x823D3000 \SystemRoot\System32\drivers\Dxapi.sys
0x823DD000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x996A0000 \SystemRoot\System32\Drivers\fastfat.SYS
0x823F3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x986F0000 \SystemRoot\System32\TSDDD.dll
0x98720000 \SystemRoot\System32\cdd.dll
0x82000000 \SystemRoot\System32\Drivers\crashdmp.sys
0x996CA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x996D5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x996DE000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x996EF000 \SystemRoot\system32\drivers\luafv.sys
0x9970A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9971F000 \SystemRoot\system32\drivers\WudfPf.sys
0x99739000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x99749000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9975C000 \SystemRoot\system32\drivers\HTTP.sys
0x997E1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x99400000 \SystemRoot\System32\drivers\mpsdrv.sys
0x90FD6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA3439000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3474000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA34A7000 \??\C:\Windows\system32\drivers\acedrv10.sys
0xA34FD000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA3540000 \??\C:\Windows\system32\drivers\hardlock.sys
0xA35E6000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA35EB000 \SystemRoot\system32\drivers\peauth.sys
0xA3682000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA368C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA36AD000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA36BA000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3709000 \SystemRoot\System32\DRIVERS\srv.sys
0xA37E6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA3400000 \??\C:\Users\Melms\AppData\Local\Temp\kgloypoc.sys
0xA375B000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x778D0000 \Windows\System32\ntdll.dll
0x47B90000 \Windows\System32\smss.exe
0x77B10000 \Windows\System32\apisetschema.dll
0x00EB0000 \Windows\System32\autochk.exe
0x77AE0000 \Windows\System32\sechost.dll
0x77A80000 \Windows\System32\difxapi.dll
0x776D0000 \Windows\System32\iertutil.dll
0x77A70000 \Windows\System32\normaliz.dll
0x775D0000 \Windows\System32\wininet.dll
0x77A50000 \Windows\System32\imm32.dll
0x774F0000 \Windows\System32\kernel32.dll
0x77490000 \Windows\System32\shlwapi.dll
0x77400000 \Windows\System32\oleaut32.dll
0x77360000 \Windows\System32\advapi32.dll
0x77310000 \Windows\System32\gdi32.dll
0x77A40000 \Windows\System32\lpk.dll
0x77260000 \Windows\System32\rpcrt4.dll
0x77220000 \Windows\System32\ws2_32.dll
0x765D0000 \Windows\System32\shell32.dll
0x77A30000 \Windows\System32\nsi.dll
0x76520000 \Windows\System32\msvcrt.dll
0x764D0000 \Windows\System32\Wldap32.dll
0x76330000 \Windows\System32\setupapi.dll
0x76260000 \Windows\System32\msctf.dll
0x761E0000 \Windows\System32\comdlg32.dll
0x76150000 \Windows\System32\clbcatq.dll
0x76080000 \Windows\System32\user32.dll
0x75F20000 \Windows\System32\ole32.dll
0x75E80000 \Windows\System32\usp10.dll
0x75D40000 \Windows\System32\urlmon.dll
0x75D10000 \Windows\System32\imagehlp.dll
0x77A20000 \Windows\System32\psapi.dll
0x75BF0000 \Windows\System32\crypt32.dll
0x75B60000 \Windows\System32\comctl32.dll
0x75B40000 \Windows\System32\devobj.dll
0x75B10000 \Windows\System32\wintrust.dll
0x75AC0000 \Windows\System32\KernelBase.dll
0x75A90000 \Windows\System32\cfgmgr32.dll
0x77A10000 \Windows\System32\msasn1.dll
Processes (total 76):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
512 csrss.exe
572 C:\Windows\System32\wininit.exe
592 csrss.exe
628 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
660 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\winlogon.exe
836 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\nvvsvc.exe
956 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\svchost.exe
1444 C:\Windows\System32\nvvsvc.exe
1500 C:\Windows\System32\spoolsv.exe
1552 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1624 C:\Windows\System32\svchost.exe
1724 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1816 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1912 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1944 C:\Windows\System32\dwm.exe
1992 C:\Windows\explorer.exe
2024 C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
2036 C:\Windows\System32\taskhost.exe
620 C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
564 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
656 C:\Windows\System32\conhost.exe
508 C:\Program Files\Bonjour\mDNSResponder.exe
2072 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
2196 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2308 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2316 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
2324 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
2332 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2340 C:\Windows\tsnp2uvc.exe
2360 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2448 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2476 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2484 C:\Program Files\iTunes\iTunesHelper.exe
2508 C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
2520 C:\Program Files\Shareaza\Shareaza.exe
2568 C:\PROGRA~1\Ashampoo\ASHAMP~1\bin\DEFRAG~2.EXE
2588 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
2620 C:\Windows\System32\PnkBstrA.exe
2632 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
2660 C:\Windows\System32\svchost.exe
2684 C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
3076 C:\Program Files\FRITZ!DSL\StCenter.exe
3088 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3188 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3200 C:\PROGRA~1\Ashampoo\ASHAMP~1\bin\defragActivityMonitor.exe
3208 C:\Program Files\OpenOffice.org 3\program\soffice.bin
3528 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
3692 C:\Windows\System32\svchost.exe
3720 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
3748 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
2108 C:\Program Files\iPod\bin\iPodService.exe
2208 C:\Windows\System32\SearchIndexer.exe
4540 C:\Program Files\Windows Media Player\wmpnetwk.exe
5016 C:\Windows\System32\svchost.exe
5168 C:\Windows\System32\svchost.exe
6132 C:\Program Files\Winamp\winamp.exe
4748 C:\Windows\System32\audiodg.exe
764 C:\Program Files\Mozilla Firefox\firefox.exe
4764 C:\Program Files\Mozilla Firefox\plugin-container.exe
5468 MpCmdRun.exe
2224 C:\Windows\System32\SearchProtocolHost.exe
4136 C:\Windows\System32\SearchFilterHost.exe
5244 C:\Users\Melms\Desktop\MBRCheck.exe
1456 C:\Windows\System32\conhost.exe
1028 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\N: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)
PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001
PhysicalDrive1 Model Number: WD2500BB External, Rev: 0602
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: CE7DBBBEE43059700485C7835F4E1ED6D2FADB1C
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Last edited by Drummer_Shoo (09.05.2011 at 18:43)
#15
/// Winkelfunktion /// TB-Süch-Tiger™ | [Malware] Windows Restore removed and still some problems
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags