![]() |
|
Plagegeister aller Art und deren Bekämpfung: Festplatte beschädigt, Probleme mit dem IDE/SATAWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() Festplatte beschädigt, Probleme mit dem IDE/SATA Liebes Forum, zunächst will ich betonen, dass ich es sehr beeindruckend finde wie schnell und gewissenhaft hier Menschen geholfen wird. Dafür Vielen Dank! Ich habe vermutlich einen ähnlichen Trojaner wie andere User hier auch schon. Gestern ist beim surfen der Desktop schwarz geworden, Progamm unter dem WIndows Startzeichen sind nicht mehr zu sehen und die Browser u.ä. zeigt sich nur noch als weiße Blätter. Auf "Benutzer" auf der 1. Partition kann gar nicht mehr zugriffen werden. Ich habe wie bei den anderen Usern vorgeschlagen malware und Super Anti Spyware durchlaufen lassen und die gefunden Trojaner gelöscht. Nun sind zumindest die Symbole wieder zu sehen, wenn auch nur "blässlich". Unter Windows ist noch nichts zu finden. Anbei habe ich im Folgenden OTL meinen PC scannen lassen. Die logs findet ihr anbei. Ich würde mich über jede Hilfe und weitere Tipps sehr freuen! Und danke euch bereits im VOraus ohne eure Tipps wäre jetzt schon die eine oder andere wichtige Datei nicht mehr zu finden gewesen! OTL.Txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/2/2011 4:30:25 PM - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Jonsche\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.97 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.58% Memory free 5.93 Gb Paging File | 4.71 Gb Available in Paging File | 79.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 90.56 Gb Total Space | 45.97 Gb Free Space | 50.77% Space Free | Partition Type: NTFS Drive D: | 192.43 Gb Total Space | 19.59 Gb Free Space | 10.18% Space Free | Partition Type: NTFS Computer Name: JONSCHE-PC | User Name: Jonsche | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jonsche\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - D:\Program Files\AntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE () PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) PRC - D:\Program Files\RocketDock\RocketDock.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Jonsche\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SASKUTIL) -- D:\Program Files\AntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- D:\Program Files\AntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com?o=102871&l=dis&gct=hp IE - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://eu.ask.com?o=102871&l=dis&gct=hp" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CS-ST&o=102871&locale=de_EU&apn_uid=b06c4211-8645-41f5-977c-a76da0e71fe8&apn_ptnrs=5L&apn_sauid=272300F1-4540-400C-855A-FC6CB2B6771C&apn_dtid=YYYYYYYYBE&q=" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/01 15:17:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 11:53:25 | 000,000,000 | ---D | M] [2010/04/03 14:47:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Extensions [2011/05/26 20:52:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions [2011/06/01 15:27:18 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011/06/01 15:27:18 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/06/01 15:27:18 | 000,000,000 | -H-D | M] (softonic-de3 Community Toolbar) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011/06/01 15:27:18 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\engine@conduit.com [2011/06/01 15:27:18 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\vshare@toolbar [2011/05/20 17:44:08 | 000,002,399 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\askcom.xml [2010/10/19 21:28:08 | 000,000,927 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\conduit.xml [2010/11/05 02:12:51 | 000,001,583 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\web-search.xml [2011/05/10 18:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/05/10 18:03:39 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- () (No name found) -- C:\USERS\JONSCHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCYARZGS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/05/15 11:53:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/05/15 11:53:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/05/15 11:53:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/05/15 11:53:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/05/15 11:53:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/05/15 11:53:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/05/15 11:53:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001..\Run: [EA Core] File not found O4 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001..\Run: [SUPERAntiSpyware] D:\Program Files\AntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jonsche\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.dvsd - pdvcodec.dll File not found Drivers32: vidc.mjpg - C:\windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation) Drivers32: VIDC.XVID - xvidvfw.dll File not found Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2011/06/02 15:49:37 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2011/06/01 19:54:13 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe [2011/06/01 19:51:16 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\SUPERAntiSpyware.com [2011/06/01 19:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/06/01 19:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011/06/01 19:12:28 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\Malwarebytes [2011/06/01 19:12:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/06/01 19:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/06/01 19:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/06/01 19:12:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/06/01 18:35:14 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\dvdcss [2011/06/01 13:35:56 | 000,000,000 | -H-D | C] -- C:\Users\Jonsche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery [2011/05/28 18:33:20 | 000,000,000 | -H-D | C] -- C:\Users\Jonsche\AppData\Roaming\go [2011/05/28 18:33:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Easybits GO [2011/05/25 19:16:29 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys [2011/05/14 20:12:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe [2011/05/12 19:04:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2011/05/12 19:04:02 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2011/05/10 18:04:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras [2011/05/10 18:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/05/10 18:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2011/05/07 03:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Jonsche\Desktop\*.tmp files -> C:\Users\Jonsche\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/06/02 15:50:58 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/02 15:49:37 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2011/06/02 15:42:05 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/02 15:41:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/06/01 23:19:57 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/06/01 23:19:57 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/06/01 23:12:01 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2011/06/01 19:51:12 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/06/01 19:12:22 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/01 13:41:11 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~26795768r [2011/06/01 13:41:11 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~26795768 [2011/06/01 13:35:57 | 000,000,635 | -H-- | M] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk [2011/06/01 13:35:46 | 000,000,336 | -H-- | M] () -- C:\ProgramData\26795768 [2011/06/01 13:05:56 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/06/01 13:05:56 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/06/01 13:05:56 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/06/01 13:05:56 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/05/31 18:03:33 | 000,000,478 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Jonsche.job [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/05/28 18:33:20 | 000,001,656 | -H-- | M] () -- C:\Users\Jonsche\Desktop\Play games (EasyBits GO).lnk [2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe [2011/05/20 18:09:53 | 000,015,669 | -H-- | M] () -- C:\Users\Jonsche\Desktop\Praktikumsbericht_PoWi_Dominik Völlmecke.pdf [2011/05/08 14:18:38 | 003,869,137 | -H-- | M] () -- C:\Users\Jonsche\Desktop\P1080328.JPG [2011/05/08 14:18:34 | 002,477,820 | -H-- | M] () -- C:\Users\Jonsche\Desktop\P1080314.JPG [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Jonsche\Desktop\*.tmp files -> C:\Users\Jonsche\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/06/01 19:51:12 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/06/01 19:12:22 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/01 13:41:11 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~26795768r [2011/06/01 13:41:11 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~26795768 [2011/06/01 13:35:57 | 000,000,635 | -H-- | C] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk [2011/06/01 13:35:46 | 000,000,336 | -H-- | C] () -- C:\ProgramData\26795768 [2011/05/28 18:33:20 | 000,001,686 | -H-- | C] () -- C:\Users\Jonsche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk [2011/05/28 18:33:20 | 000,001,656 | -H-- | C] () -- C:\Users\Jonsche\Desktop\Play games (EasyBits GO).lnk [2011/05/26 20:56:27 | 003,869,137 | -H-- | C] () -- C:\Users\Jonsche\Desktop\P1080328.JPG [2011/05/26 20:56:27 | 002,477,820 | -H-- | C] () -- C:\Users\Jonsche\Desktop\P1080314.JPG [2011/05/20 18:09:52 | 000,015,669 | -H-- | C] () -- C:\Users\Jonsche\Desktop\Praktikumsbericht_PoWi_Dominik Völlmecke.pdf [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat [2011/01/23 15:07:06 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~3qHDVSBfJr [2011/01/23 15:07:05 | 000,000,272 | -H-- | C] () -- C:\ProgramData\~3qHDVSBfJ [2011/01/23 15:05:59 | 000,000,344 | -H-- | C] () -- C:\ProgramData\3qHDVSBfJ [2011/01/22 06:58:30 | 000,016,897 | -H-- | C] () -- C:\Users\Jonsche\AppData\Roaming\4F66.931 [2010/11/16 01:19:15 | 000,004,151 | -H-- | C] () -- C:\ProgramData\ojobkspa.ako [2010/11/12 19:12:54 | 000,032,523 | ---- | C] () -- C:\windows\SGTBoxf.INI [2010/08/19 12:27:24 | 000,000,197 | ---- | C] () -- C:\windows\XLKG_Fr.ini [2010/04/26 00:30:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/04/08 20:18:03 | 000,023,552 | -H-- | C] () -- C:\Users\Jonsche\AppData\Local\WebpageIcons.db [2010/04/03 11:36:15 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2010/04/03 11:21:18 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/12/05 19:37:24 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/12/05 19:37:23 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/12/05 19:37:23 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/12/05 19:37:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/12/05 02:36:55 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,440,816 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\windows\System32\mase32.dll [2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\windows\System32\ma32.dll ========== LOP Check ========== [2010/04/03 14:52:50 | 000,000,000 | -HSD | M] -- C:\Users\Jonsche\AppData\Roaming\.# [2011/03/25 02:15:58 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Camfrog [2011/05/02 16:36:22 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\DVDVideoSoftIEHelpers [2011/05/28 18:33:20 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\go [2011/06/01 15:27:19 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\gtk-2.0 [2010/05/22 00:23:50 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Hardcore [2010/11/16 01:19:18 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\MOVAVI [2010/05/23 14:33:23 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Propellerhead Software [2010/04/08 20:18:56 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\TuneUp Software [2011/04/26 17:32:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/04/03 14:52:50 | 000,000,000 | -HSD | M] -- C:\Users\Jonsche\AppData\Roaming\.# [2010/04/04 02:33:14 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Adobe [2011/03/12 15:55:28 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Apple Computer [2011/01/23 17:10:18 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Avira [2011/03/25 02:15:58 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Camfrog [2010/07/23 14:48:05 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\CyberLink [2010/11/04 14:14:21 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\DivX [2011/06/01 18:40:35 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\dvdcss [2011/05/02 16:36:22 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\DVDVideoSoftIEHelpers [2011/05/28 18:33:20 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\go [2010/04/03 14:37:58 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Google [2011/06/01 15:27:19 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\gtk-2.0 [2010/05/22 00:23:50 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Hardcore [2010/04/03 11:38:03 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Identities [2010/04/03 14:39:02 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Macromedia [2011/06/01 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\Malwarebytes [2009/12/05 19:26:51 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Media Center Programs [2011/06/01 15:27:19 | 000,000,000 | --SD | M] -- C:\Users\Jonsche\AppData\Roaming\Microsoft [2010/11/16 01:19:18 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\MOVAVI [2010/04/03 14:47:49 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Mozilla [2010/05/23 14:33:23 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Propellerhead Software [2011/06/02 16:30:21 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\Skype [2011/06/01 00:03:12 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\skypePM [2011/06/01 19:51:16 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\SUPERAntiSpyware.com [2010/04/08 20:18:56 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\TuneUp Software [2011/06/01 23:24:45 | 000,000,000 | -H-D | M] -- C:\Users\Jonsche\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2010/07/08 15:39:40 | 002,568,656 | -H-- | M] (Adobe Systems, Inc.) -- C:\Users\Jonsche\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe < %SYSTEMDRIVE%\*.exe > [2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2009/10/06 08:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2009/10/06 07:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe < MD5 for: IASTOR.SYS > [2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys [2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys [2009/10/13 04:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54 < End of report > Extras.Txt im Anhang. Leider war obige Datei zu groß zum anhängen! Und mein Malware log... Bitte helfen! Danke! Malwarebytes' Anti-Malware 1.51.0.1200 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6745 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 01.06.2011 23:07:58 mbam-log-2011-06-01 (23-07-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 319961 Laufzeit: 1 Stunde(n), 59 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: c:\programdata\ixhkhnvgmidvkh.exe (Trojan.FakeMS) -> 2928 -> No action taken. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iXhkHNVGMIdVKh (Trojan.FakeMS) -> Value: iXhkHNVGMIdVKh -> No action taken. Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\programdata\ixhkhnvgmidvkh.exe (Trojan.FakeMS) -> No action taken. c:\programdata\26795768.exe (Rogue.FakeHDD) -> No action taken. c:\system volume information\systemrestore\frstaging\Windows\windowsupdate.log (Extension.Mismatch) -> No action taken. c:\Users\Jonsche\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\3THDTRZG\about[1].exe (Trojan.FakeMS) -> No action taken. |
Themen zu Festplatte beschädigt, Probleme mit dem IDE/SATA |
4d36e972-e325-11ce-bfc1-08002be10318, alternate, antivir, autorun, avira, bho, bonjour, browser, c:\windows\system32\rundll32.exe, conduit, converter, desktop, extension.mismatch, festplatte, firefox, home, hängen, logfile, malware, mbamservice.exe, mozilla, mp3, nvlddmkm.sys, nvstor.sys, oldtimer, plug-in, registry, scan, sched.exe, searchplugins, security scan, senden, software, spyware, start menu, super, taskhost.exe, trojan.fakems, trojaner, usb, webcheck, windows, wrapper |