A VIRUS has taken up residence
#0
11.07.2010, 09:53
Member
Thread starter, posts: 262

11.07.2010, 10:06
Member
Thread starter, posts: 262
#17
OK
I have successfully installed Internet Explorer 8 :-)

11.07.2010, 10:21
Member
Thread starter, posts: 262
#18
I have now also been able to activate Windows XP successfully.
How far has the virus spread?

11.07.2010, 17:06
Member
Posts: 420
#19
Ok,
You apparently have the TDSS rootkit on there; that thing is nasty. We still have some work ahead of us. The TDSSKiller log appears to be incomplete, please check it again. If in doubt, run TDSSKiller once more. After that, please work through this guide http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird and post the log.

13.07.2010, 18:52
Member
Thread starter, posts: 262
#20
I have just come back from a 2-day short holiday and had to find that nothing works at all again. Explorer won't open, downloads via FF give no response. I can't get the exe to start.
Please give me an alternative for fixing this virus.

13.07.2010, 19:08
Member
Posts: 420
#21
Well,
no way around it, we have to start from the beginning.
1. Please do a fresh Quick Scan with Malwarebytes, don't forget to update.
2. Another scan with OTL - please start OTL, click Run Scan and post the OTL.txt after the scan has finished.

13.07.2010, 21:11
Member
Thread starter, posts: 262
#22
I no longer have OTL because of the System Restore.
I had to hook up a small laptop to keep in contact with you; with the PC I can't get onto the Internet at all any more. FF searches and searches, white page. So it has been infected too. *shakes head* I have saved Malwarebytes on the desktop. I can't do any more now; tomorrow morning from 8 o'clock I'll be back at the PC. Until then, regards, Robert

13.07.2010, 21:12
Member
Thread starter, posts: 262
#23
Hope we can fix this problem tomorrow morning,
also happy to do it by phone: 030 66620853. Thank you, regards, Robert

13.07.2010, 21:32
Member
Posts: 420
#24
System Restore? *sigh*
Honestly, it would perhaps be simpler and faster to reinstall the system. Otherwise please get ComboFix (with the small laptop, then use a USB stick) and run it on the infected PC as described in the guide (ComboFix should be on the desktop while doing so). http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird Then post the log.

14.07.2010, 10:21
Member
Thread starter, posts: 262
#25
ComboFix 10-07-13.06 - Admin 14.07.2010 10:03:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.3054.2674 [GMT 2:00]
Run from: c:\dokumente und einstellungen\Admin\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Drivers\pwagrev.sys
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 ))))))))))))))))))))))))))))))
.
2010-07-13 16:24 . 2010-07-13 16:24 -------- d-----w- c:\windows\ie8updates
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- C:\6643525cf2c0be45efd67939211c71
2010-07-11 08:04 . 2010-07-11 08:04 -------- d-sh--w- c:\dokumente und einstellungen\Admin\IECompatCache
2010-07-11 08:04 . 2010-07-11 08:04 -------- d-sh--w- c:\dokumente und einstellungen\Admin\PrivacIE
2010-07-11 07:58 . 2010-07-11 08:00 -------- dc-h--w- c:\windows\ie8
2010-07-11 07:32 . 2001-08-18 02:53 46080 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-07-11 07:32 . 2001-08-18 02:53 46080 -c--a-w- c:\windows\system32\dllcache\esuni.dll
2010-07-11 07:32 . 2001-08-18 02:53 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-07-11 07:30 . 2001-08-17 11:50 114944 -c--a-w- c:\windows\system32\dllcache\epstw2k.sys
2010-07-11 07:29 . 2001-08-18 02:53 38985 -c--a-w- c:\windows\system32\dllcache\disrvsu.dll
2010-07-11 07:28 . 2001-08-17 10:19 6912 -c--a-w- c:\windows\system32\dllcache\ctlfacem.sys
2010-07-11 07:27 . 2001-08-18 02:53 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2010-07-11 07:26 . 2004-08-03 20:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2010-07-10 07:06 . 2010-07-10 07:06 -------- d-sh--w- c:\dokumente und einstellungen\Admin\IETldCache
2010-07-10 06:59 . 2010-07-10 06:59 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache
2010-07-10 06:52 . 2010-05-04 17:14 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-07-10 06:52 . 2010-05-04 17:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-07-09 09:28 . 2010-07-10 07:31 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Beok
2010-07-09 08:06 . 2010-07-09 08:06 -------- d-----w- C:\_OTL
2010-07-08 14:51 . 2008-04-14 02:23 26624 ----a-w- c:\windows\system32\stu2.exe
2010-07-08 14:35 . 2010-07-13 18:08 -------- d-----w- c:\programme\a-squared Free
2010-06-23 06:00 . 2010-06-23 06:00 501936 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google\Google Toolbar\Update\gtb5E.tmp.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 08:01 . 2004-08-04 00:37 23552 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-07-11 07:28 . 2004-08-04 12:00 45672 ----a-w- c:\windows\system32\perfc007.dat
2010-07-11 07:28 . 2004-08-04 12:00 309810 ----a-w- c:\windows\system32\perfh007.dat
2010-07-10 08:52 . 2010-04-11 11:21 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Tor
2010-07-10 07:26 . 2010-04-11 11:21 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Vidalia
2010-07-10 07:10 . 2009-12-10 08:59 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Ymyxo
2010-07-10 07:00 . 2009-10-08 06:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2010-07-10 06:14 . 2009-10-08 09:29 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-07-08 11:05 . 2010-07-08 14:51 154248 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1031.dat
2010-07-06 16:05 . 2009-04-06 07:25 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-06-30 10:50 . 2009-02-16 16:51 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\ICQ
2010-06-25 16:05 . 2009-03-11 09:49 -------- d-----w- c:\programme\ICQ6.5
2010-06-06 09:28 . 2010-06-06 08:16 -------- d-----w- c:\programme\JAP
2010-06-06 09:28 . 2010-06-06 08:17 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\JonDo
2010-06-06 09:28 . 2010-06-06 09:09 -------- d-----w- c:\programme\kikin
2010-06-06 09:28 . 2010-06-06 09:07 -------- d-----w- c:\programme\softonic-de3
2010-06-06 09:09 . 2010-06-06 09:09 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\kikin
2010-05-24 08:27 . 2010-05-17 15:10 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\bearsharemediabartb
2010-05-17 15:10 . 2010-05-17 15:10 -------- d-----w- c:\programme\BearShare Applications
2010-05-02 08:05 . 2004-08-04 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 08:09 . 2010-03-21 10:01 443912 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Real\Update\setup3.10\setup.exe
2010-04-29 13:39 . 2009-10-08 09:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-10-08 09:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:29 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.exe.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hp psc 2000 Series.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hpoddt01.exe.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2009-07-11 03:58 2121416 ----a-w- c:\programme\Tall Emu\Online Armor\oaui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2006-03-29 10:54 233512 ----a-w- c:\programme\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataMngr]
2009-12-27 12:37 184760 ----a-w- c:\programme\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
2002-08-28 12:43 73728 ----a-w- c:\windows\Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-05-30 06:28 126976 ----a-w- c:\programme\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
2006-06-07 16:11 9129984 ----a-w- c:\programme\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 ----a-w- c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2008-12-18 22:30 323216 ----a-w- c:\programme\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-17 22:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-17 22:55 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 22:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-01 09:55 39408 ----a-w- c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-02-28 07:17 185896 ----a-w- c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2010-02-28 03:45 5344807 ----a-w- c:\programme\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\BearShare Applications\\BearShare\\BearShare.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [08.10.2009 16:54 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [08.10.2009 16:54 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [08.10.2009 16:54 29776]
R2 a2free;a-squared Free Service;c:\programme\a-squared Free\a2service.exe [08.07.2010 16:35 719392]
R2 OAcat;Online Armor Helper Service;c:\programme\Tall Emu\Online Armor\oacat.exe [08.10.2009 16:54 362184]
R2 SvcOnlineArmor;Online Armor;c:\programme\Tall Emu\Online Armor\oasrv.exe [08.10.2009 16:54 3142344]
S0 klmdb;klmdb;c:\windows\system32\drivers\klmdb.sys --> c:\windows\system32\drivers\klmdb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [07.02.2010 10:59 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [14.07.2009 12:11 16512]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [08.10.2009 11:30 38224]
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2200 series5E771253C1676EBED677BF361FDFC537825E15B8236153915.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-07 08:59]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-07 08:59]

2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{EFEF8E6C-0BD5-4F24-BC04-E9CC0FC61AAC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\6n81zofd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ffas&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ffas&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 445
FF - prefs.js: network.proxy.type - 1
FF - component: c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\6n81zofd.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\6n81zofd.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
FF - plugin: c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Java\jre6\bin\npdeploytk.dll
FF - plugin: c:\programme\Java\jre6\bin\npjpi160_13.dll
FF - plugin: c:\programme\Java\jre6\bin\npoji610.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npstrlnk.dll

---- FIREFOX Policies ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 10:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2228)
c:\programme\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programme\AntiVir PersonalEdition Classic\sched.exe
c:\programme\AntiVir PersonalEdition Classic\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-14 10:13:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-14 08:13
Pre-Run: 13 directory(ies), 240.336.326.656 bytes free
Post-Run: 14 directory(ies), 240.361.701.376 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 17414CE9C84373641F318976CE5033EC

14.07.2010, 11:39
Member
Posts: 420
#26
Ok,
1. Please delete the old TDSSKiller, get a fresh one, run another scan and post the log.
2. Please do another Quick Scan with Malwarebytes, don't forget to update, and post the log.
3. Another scan with OTL - start OTL, click Run Scan and post the OTL.txt and Extras.txt

14.07.2010, 12:04
Member
Thread starter, posts: 262
#27
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4312

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

14.07.2010 12:02:05
mbam-log-2010-07-14 (12-02-05).txt

Scan type: Quick scan
Objects scanned: 118419
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

14.07.2010, 12:18
Member
Thread starter, posts: 262
#28
OTL logfile created on: 14.07.2010 12:14:46 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 223,77 Gb Free Space | 96,09% Space Free | Partition Type: NTFS
Drive D: | 37,21 Gb Total Space | 32,16 Gb Free Space | 86,43% Space Free | Partition Type: NTFS
Drive E: | 34,88 Gb Total Space | 30,59 Gb Free Space | 87,71% Space Free | Partition Type: NTFS
Drive F: | 2,44 Gb Total Space | 2,44 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 3,76 Gb Total Space | 3,52 Gb Free Space | 93,58% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MAIN-1B84F08B18
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.14 12:11:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
PRC - [2009.07.13 11:50:54 | 000,719,392 | ---- | M] (Emsi Software GmbH) -- C:\Programme\a-squared Free\a2service.exe
PRC - [2009.07.11 05:58:18 | 000,362,184 | ---- | M] (Tall Emu) -- C:\Programme\Tall Emu\Online Armor\oacat.exe
PRC - [2009.07.11 05:58:14 | 003,142,344 | ---- | M] (Tall Emu) -- C:\Programme\Tall Emu\Online Armor\oasrv.exe
PRC - [2009.01.08 08:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.04.07 14:54:09 | 000,191,016 | ---- | M] (AVIRA GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2006.04.05 13:03:58 | 000,034,344 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe

========== Modules (SafeList) ==========

MOD - [2010.07.14 12:11:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
MOD - [2009.07.11 05:59:16 | 000,860,360 | ---- | M] (Tall Emu) -- C:\Programme\Tall Emu\Online Armor\oawatch.dll
MOD - [2008.04.14 04:22:32 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008.04.14 04:22:32 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008.04.14 04:22:32 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2009.07.13 11:50:54 | 000,719,392 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\PROGRAMME\A-SQUARED FREE\a2service.exe -- (a2free)
SRV - [2009.07.11 05:58:18 | 000,362,184 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Programme\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2009.07.11 05:58:14 | 003,142,344 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Programme\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2006.04.07 14:54:09 | 000,191,016 | ---- | M] (AVIRA GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2006.04.05 13:03:58 | 000,034,344 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\drivers\klmdb.sys -- (klmdb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009.07.11 05:59:08 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2009.07.11 05:17:14 | 000,024,656 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2009.07.11 05:17:00 | 000,200,784 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009.02.24 09:13:45 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008.09.18 00:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006.06.05 15:49:08 | 000,230,400 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006.06.01 14:43:56 | 000,043,264 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006.05.26 09:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006.02.22 16:21:30 | 000,007,168 | ---- | M] (H+BEDV Datentechnik GmbH) [Kernel | System | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2005.12.07 13:58:29 | 000,026,112 | ---- | M] (H+BEDV Datentechnik GmbH) [File_System | On_Demand | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2005.12.02 19:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2002.07.17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ffas&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz3"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz3"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?.home=ytff"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.2
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ffas&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 445
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.13 20:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.13 20:02:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.22 20:29:16 | 000,000,000 | ---D | M]

[2009.05.25 11:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2010.07.13 20:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\6n81zofd.default\extensions
[2010.06.30 12:40:06 | 000,000,000 | ---D | M] (kikin plugin (Softonic Edition)) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\6n81zofd.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.04.11 13:21:26 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\6n81zofd.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.17 17:10:28 | 000,000,000 | ---D | M] (MediaBar) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\6n81zofd.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009.12.03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\6n81zofd.default\searchplugins\BearShareWebSearch.xml
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\6n81zofd.default\searchplugins\conduit.xml
[2010.07.13 20:22:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.05.25 11:39:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008.12.19 00:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.03.15 15:56:14 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.14 10:09:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Programme\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.16 12:15:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.11.14 20:40:48 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.03.26 12:59:46 | 000,000,190 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{219e8048-bef1-11de-8a77-001676b68f9e}\Shell\AutoRun\command - "" = H:\RECYCLER32\dmgr.exe -- [2009.09.17 11:10:32 | 000,072,704 | ---- | M] ()
O33 - MountPoints2\{219e8048-bef1-11de-8a77-001676b68f9e}\Shell\open\command - "" = H:\RECYCLER32\dmgr.exe -- [2009.09.17 11:10:32 | 000,072,704 | ---- | M] ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.14 12:14:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2010.07.14 12:09:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.14 11:57:40 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Admin\Desktop\TDSSKiller.exe
[2010.07.14 11:53:42 | 000,000,000 | ---D | C] -- C:\Programme\ReviverSoft
[2010.07.14 11:53:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ReviverSoft
[2010.07.14 11:53:13 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Admin\Desktop\mbam146-setup.exe
[2010.07.14 11:11:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010.07.14 11:11:23 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010.07.14 10:02:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.14 10:00:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.14 10:00:29 | 000,161,792 | ---- | C]
(SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.07.14 10:00:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.07.14 10:00:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.07.14 10:00:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.07.14 10:00:13 | 000,000,000 | ---D | C] -- C:\ComboFix [2010.07.14 09:55:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.07.13 19:58:56 | 000,000,000 | ---D | C] -- C:\Avenger [2010.07.13 18:24:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.07.13 18:18:32 | 000,000,000 | ---D | C] -- C:\6643525cf2c0be45efd67939211c71 [2010.07.11 10:04:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Admin\IECompatCache [2010.07.11 10:04:05 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Admin\PrivacIE [2010.07.11 09:58:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.07.11 09:32:29 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll [2010.07.11 09:32:27 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll [2010.07.11 09:32:22 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll [2010.07.11 09:31:23 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll [2010.07.11 09:31:22 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys [2010.07.11 09:31:20 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys [2010.07.11 09:31:18 | 000,347,870 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys [2010.07.11 09:31:17 | 000,594,558 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys [2010.07.11 09:31:15 | 000,595,999 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys [2010.07.11 09:31:13 | 000,174,464 | ---- | C] (ESS Technology, Inc.) 
-- C:\WINDOWS\System32\dllcache\es198x.sys [2010.07.11 09:31:12 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys [2010.07.11 09:31:10 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys [2010.07.11 09:31:08 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys [2010.07.11 09:31:06 | 000,062,464 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe [2010.07.11 09:31:05 | 000,052,224 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe [2010.07.11 09:31:03 | 000,053,760 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe [2010.07.11 09:31:01 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys [2010.07.11 09:30:59 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys [2010.07.11 09:30:57 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys [2010.07.11 09:30:56 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys [2010.07.11 09:30:55 | 000,283,904 | ---- | C] (Creative Technology Ltd.) 
-- C:\WINDOWS\System32\dllcache\emu10k1m.sys [2010.07.11 09:30:51 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys [2010.07.11 09:30:50 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys [2010.07.11 09:30:49 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys [2010.07.11 09:30:48 | 000,176,128 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys [2010.07.11 09:30:47 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys [2010.07.11 09:30:45 | 000,455,711 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el985n51.sys [2010.07.11 09:30:44 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys [2010.07.11 09:30:43 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys [2010.07.11 09:30:42 | 000,241,270 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys [2010.07.11 09:30:41 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys [2010.07.11 09:30:39 | 000,634,198 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys [2010.07.11 09:30:38 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys [2010.07.11 09:30:37 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys [2010.07.11 09:30:36 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys [2010.07.11 09:30:35 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys [2010.07.11 09:30:34 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys [2010.07.11 09:30:33 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys [2010.07.11 09:30:24 | 000,019,594 | ---- | C] (Intel Corporation) -- 
C:\WINDOWS\System32\dllcache\e100isa4.sys [2010.07.11 09:30:23 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys [2010.07.11 09:30:22 | 000,051,743 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys [2010.07.11 09:30:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax [2010.07.11 09:30:17 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys [2010.07.11 09:30:16 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys [2010.07.11 09:30:14 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys [2010.07.11 09:30:12 | 000,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys [2010.07.11 09:30:11 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys [2010.07.11 09:30:10 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys [2010.07.11 09:30:09 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys [2010.07.11 09:30:06 | 000,029,696 | ---- | C] (CNet Technology, Inc. 
) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys [2010.07.11 09:30:06 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys [2010.07.11 09:30:05 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys [2010.07.11 09:30:04 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys [2010.07.11 09:30:00 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe [2010.07.11 09:29:59 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll [2010.07.11 09:29:57 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll [2010.07.11 09:29:55 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys [2010.07.11 09:29:54 | 000,626,717 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe [2010.07.11 09:29:53 | 000,042,880 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys [2010.07.11 09:29:52 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll [2010.07.11 09:29:52 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys [2010.07.11 09:29:51 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll [2010.07.11 09:29:50 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll [2010.07.11 09:29:49 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll [2010.07.11 09:29:48 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll [2010.07.11 09:29:47 | 000,090,717 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys [2010.07.11 09:29:46 | 000,103,524 | ---- | C] (Digi International Inc.) 
-- C:\WINDOWS\System32\dllcache\digidxb.sys [2010.07.11 09:29:45 | 000,135,252 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll [2010.07.11 09:29:44 | 000,038,087 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys [2010.07.11 09:29:43 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll [2010.07.11 09:29:41 | 000,424,477 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll [2010.07.11 09:29:40 | 000,029,851 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys [2010.07.11 09:29:39 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys [2010.07.11 09:29:38 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys [2010.07.11 09:29:37 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe [2010.07.11 09:29:36 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll [2010.07.11 09:29:35 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys [2010.07.11 09:29:34 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys [2010.07.11 09:29:33 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll [2010.07.11 09:29:32 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll [2010.07.11 09:29:31 | 000,063,208 | ---- | C] (Intel Corporation.) 
-- C:\WINDOWS\System32\dllcache\dc21x4.sys [2010.07.11 09:29:30 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll [2010.07.11 09:29:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll [2010.07.11 09:29:26 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys [2010.07.11 09:29:26 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys [2010.07.11 09:29:18 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys [2010.07.11 09:29:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll [2010.07.11 09:29:16 | 000,050,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys [2010.07.11 09:29:15 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll [2010.07.11 09:29:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll [2010.07.11 09:29:13 | 000,051,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys [2010.07.11 09:29:12 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll [2010.07.11 09:29:11 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys [2010.07.11 09:29:10 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys [2010.07.11 09:29:10 | 000,017,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys [2010.07.11 09:29:09 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys [2010.07.11 09:29:07 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys [2010.07.11 09:29:06 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) 
-- C:\WINDOWS\System32\dllcache\cwcosnt5.sys [2010.07.11 09:29:05 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys [2010.07.11 09:29:04 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys [2010.07.11 09:29:03 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys [2010.07.11 09:29:02 | 000,252,928 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll [2010.07.11 09:29:02 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll [2010.07.11 09:29:01 | 000,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys [2010.07.11 09:29:00 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys [2010.07.11 09:28:59 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys [2010.07.11 09:28:58 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll [2010.07.11 09:28:57 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys [2010.07.11 09:28:56 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll [2010.07.11 09:28:55 | 000,061,130 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys [2010.07.11 09:28:54 | 000,022,045 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys [2010.07.11 09:28:53 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys [2010.07.11 09:28:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys [2010.07.11 09:28:49 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) 
-- C:\WINDOWS\System32\dllcache\cnxt1803.sys [2010.07.11 09:28:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll [2010.07.11 09:28:47 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys [2010.07.11 09:28:46 | 000,020,864 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys [2010.07.11 09:28:46 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys [2010.07.11 09:28:45 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys [2010.07.11 09:28:44 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll [2010.07.11 09:28:44 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll [2010.07.11 09:28:43 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll [2010.07.11 09:28:43 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys [2010.07.11 09:28:41 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys [2010.07.11 09:28:41 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys [2010.07.11 09:28:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010.07.11 09:28:36 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys [2010.07.11 09:28:35 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys [2010.07.11 09:28:35 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys [2010.07.11 09:28:34 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys [2010.07.11 09:28:34 | 000,021,530 | ---- | C] (Xircom, Inc.) 
-- C:\WINDOWS\System32\dllcache\ce2n5.sys [2010.07.11 09:28:32 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys [2010.07.11 09:28:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys [2010.07.11 09:28:31 | 000,715,210 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys [2010.07.11 09:28:31 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys [2010.07.11 09:28:30 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys [2010.07.11 09:28:30 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys [2010.07.11 09:28:29 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll [2010.07.11 09:28:28 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys [2010.07.11 09:28:25 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll [2010.07.11 09:28:25 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax [2010.07.11 09:28:24 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax [2010.07.11 09:28:24 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll [2010.07.11 09:28:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll [2010.07.11 09:28:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax [2010.07.11 09:28:22 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys [2010.07.11 09:28:22 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys [2010.07.11 09:28:21 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys [2010.07.11 
09:28:02 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys [2010.07.11 09:28:01 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys [2010.07.11 09:28:01 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys [2010.07.11 09:28:00 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys [2010.07.11 09:28:00 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys [2010.07.11 09:27:59 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll [2010.07.11 09:27:59 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll [2010.07.11 09:27:58 | 000,039,808 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys [2010.07.11 09:27:58 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys [2010.07.11 09:27:57 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll [2010.07.11 09:27:56 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe [2010.07.11 09:27:56 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll [2010.07.11 09:27:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll [2010.07.11 09:27:55 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll [2010.07.11 09:27:54 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys [2010.07.11 09:27:54 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys [2010.07.11 09:27:54 | 000,002,944 | ---- | C] (Brother Industries Ltd.) 
-- C:\WINDOWS\System32\dllcache\brfilt.sys [2010.07.11 09:27:53 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll [2010.07.11 09:27:53 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll [2010.07.11 09:27:52 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll [2010.07.11 09:27:51 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll [2010.07.11 09:27:50 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys [2010.07.11 09:27:50 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax [2010.07.11 09:27:50 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys [2010.07.11 09:27:49 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys [2010.07.11 09:27:49 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys [2010.07.11 09:27:49 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys [2010.07.11 09:27:48 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys [2010.07.11 09:27:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys [2010.07.11 09:27:47 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) 
-- C:\WINDOWS\System32\dllcache\banshee.dll [2010.07.11 09:27:47 | 000,097,440 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys [2010.07.11 09:27:46 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys [2010.07.11 09:27:46 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys [2010.07.11 09:27:46 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys [2010.07.11 09:27:45 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll [2010.07.11 09:27:45 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll [2010.07.11 09:27:44 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys [2010.07.11 09:27:44 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys [2010.07.11 09:27:43 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys [2010.07.11 09:27:39 | 000,070,784 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys [2010.07.11 09:27:38 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll [2010.07.11 09:27:37 | 000,281,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys [2010.07.11 09:27:37 | 000,075,392 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys [2010.07.11 09:27:36 | 000,289,920 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys [2010.07.11 09:27:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe [2010.07.11 09:27:35 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll [2010.07.11 09:27:35 | 000,268,160 | ---- | C] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\dllcache\atidvai.dll [2010.07.11 09:27:35 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll [2010.07.11 09:27:33 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys [2010.07.11 09:27:33 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll [2010.07.11 09:27:33 | 000,077,824 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys [2010.07.11 09:27:32 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys [2010.07.11 09:27:32 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys [2010.07.11 09:27:32 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys [2010.07.11 09:27:31 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys [2010.07.11 09:27:30 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys [2010.07.11 09:27:30 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys [2010.07.11 09:27:30 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys [2010.07.11 09:27:29 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys [2010.07.11 09:27:29 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys [2010.07.11 09:27:29 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) 
-- C:\WINDOWS\System32\dllcache\aliide.sys
[2010.07.11 09:27:28 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2010.07.11 09:27:28 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2010.07.11 09:27:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2010.07.11 09:27:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2010.07.11 09:26:40 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010.07.11 09:26:40 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2010.07.11 09:26:40 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010.07.11 09:26:40 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010.07.11 09:26:39 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010.07.11 09:26:39 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010.07.11 09:26:39 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010.07.11 09:26:38 | 000,061,952 | ---- | C] (Farb-Flachbett-Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010.07.11 09:26:38 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2010.07.11 09:26:37 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010.07.11 09:26:37 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2010.07.11 09:26:37 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2010.07.11 09:26:37 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2010.07.11 09:26:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2010.07.11 09:26:36 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010.07.11 09:26:36 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010.07.11 09:26:36 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2010.07.11 09:26:35 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010.07.11 09:26:35 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010.07.11 09:26:35 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010.07.11 09:26:35 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010.07.11 09:26:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010.07.11 09:26:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010.07.11 09:26:20 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010.07.10 09:06:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Admin\IETldCache
[2010.07.10 08:52:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010.07.10 08:52:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010.07.09 11:28:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Beok
[2010.07.09 10:06:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.09 09:31:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.08 16:51:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe
[2010.07.08 16:35:39 | 000,000,000 | ---D | C] -- C:\Programme\a-squared Free
[2010.07.08 16:35:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\a-squared Free
[2010.07.08 16:32:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.06.28 08:03:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\lap-rechnungen

========== Files - Modified Within 30 Days ==========

[2010.07.14 12:15:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFEF8E6C-0BD5-4F24-BC04-E9CC0FC61AAC}.job
[2010.07.14 12:14:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.14 12:12:55 | 005,505,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\NTUSER.DAT
[2010.07.14 12:11:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2010.07.14 11:58:39 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.14 11:53:58 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-Admin-Startup.job
[2010.07.14 11:53:45 | 000,001,817 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Registry Reviver.lnk
[2010.07.14 11:52:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Admin\Desktop\mbam146-setup.exe
[2010.07.14 11:20:18 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010.07.14 11:15:52 | 000,200,712 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.07.14 11:15:52 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.14 11:15:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.14 11:15:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.14 10:10:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.14 10:09:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.14 10:02:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.07.14 09:53:04 | 003,739,352 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\ComboFix.exe
[2010.07.13 20:06:25 | 000,000,628 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\a-squared Free.lnk
[2010.07.13 20:02:05 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.07.13 19:39:16 | 000,000,780 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bernd-sievers.rtf
[2010.07.13 19:32:51 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\kerns.rtf
[2010.07.13 18:36:25 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.13 18:36:25 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010.07.13 18:24:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.11 09:28:19 | 000,703,178 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.11 09:28:19 | 000,309,810 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.11 09:28:19 | 000,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.11 09:28:19 | 000,045,672 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.11 09:28:19 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.11 09:15:42 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010.07.10 09:48:54 | 000,000,532 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.10 09:48:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.07.10 09:32:45 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Admin\ntuser.ini
[2010.06.30 17:25:00 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Admin\Desktop\TDSSKiller.exe
[2010.06.30 12:35:09 | 000,000,263 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Parallels Confixx.url

========== Files Created - No Company Name ==========

[2010.07.14 11:53:58 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\Registry Reviver-Admin-Startup.job
[2010.07.14 11:53:45 | 000,001,817 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Registry Reviver.lnk
[2010.07.14 10:16:50 | 000,000,780 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bernd-sievers.rtf
[2010.07.14 10:15:59 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\kerns.rtf
[2010.07.14 10:02:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.07.14 10:02:36 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.07.14 10:00:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.14 10:00:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.14 10:00:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.14 10:00:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.14 10:00:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.14 09:55:02 | 003,739,352 | R--- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\ComboFix.exe
[2010.07.13 20:06:25 | 000,000,628 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\a-squared Free.lnk
[2010.07.11 10:04:52 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFEF8E6C-0BD5-4F24-BC04-E9CC0FC61AAC}.job
[2010.07.11 09:30:03 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010.07.11 09:30:02 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010.07.11 09:30:01 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010.07.11 09:29:58 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010.07.11 09:27:42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010.07.11 09:27:41 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010.07.11 09:27:41 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010.07.11 09:27:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010.07.11 09:27:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010.07.11 09:27:40 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010.07.11 09:27:39 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010.07.11 09:27:39 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010.07.11 09:27:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010.07.11 09:27:34 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010.07.11 09:15:38 | 000,005,208 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010.07.08 16:49:20 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.08 08:48:46 | 000,000,056 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2010.01.07 17:50:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.08.16 10:26:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.02.28 18:42:24 | 000,001,176 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.02.16 14:46:29 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009.02.16 14:46:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009.02.16 13:38:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2009.02.16 13:38:31 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2008.09.18 00:55:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.09.18 00:55:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.09.18 00:55:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.09.18 00:55:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.09.18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003.11.18 10:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

< End of report >
14.07.2010, 12:57
Member
Posts: 420
#29
1. Start OTL, paste the script below into the script field
Quote: OTL
and click Run Fix. Please post the fix log.

2. Gmer http://www.gmer.net/
Download Gmer and run it. If a prompt appears asking whether you want a full system scan because of rootkit activity, choose No.
On the right-hand side, remove the check marks for:
IAT/EAT
all drives except C:
Show All
Click Scan and wait for the scan to finish. The log can be saved with Save; please post that log.

3. Please also supply the TDSSKiller log and the Extras.txt.

4. If drive H: is your USB stick, please format it.
14.07.2010, 13:32
Member
Thread starter, Posts: 262
#30
All processes killed

========== OTL ==========

Service klmdb stopped successfully!
Service klmdb deleted successfully!
File C:\WINDOWS\System32\drivers\klmdb.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 445 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{219e8048-bef1-11de-8a77-001676b68f9e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219e8048-bef1-11de-8a77-001676b68f9e}\ not found.
H:\RECYCLER32\dmgr.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{219e8048-bef1-11de-8a77-001676b68f9e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219e8048-bef1-11de-8a77-001676b68f9e}\ not found.
File H:\RECYCLER32\dmgr.exe not found.

========== FILES ==========

c:\windows\system32\stu2.exe moved successfully.
c:\dokumente und einstellungen\Admin\Anwendungsdaten\Ymyxo folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 6256378 bytes
->Temporary Internet Files folder emptied: 5280609 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45974423 bytes
->Flash cache emptied: 2812 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 20093278 bytes

Total Files Cleaned = 74,00 mb

[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <Quelle: http://board.protecus.de/t39953-2.htm#ixzz0tefmbUCZ> in the current context!

OTL by OldTimer - Version 3.2.9.0 log created on 07142010_132740

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
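Added example, not code from the thread, from OTL or from ComboFix: a small Python triage script for logs of the kind posted above. It parses OTL-style "Files Created / Files Modified" entries and flags the three patterns this thread actually dealt with: a recent executable dropped straight into System32 (stu2.exe), a short random-looking folder directly under the user's Application Data (Beok, and the Ymyxo folder the fix moved), and an executable under a RECYCLER-style folder on a non-system drive (H:\RECYCLER32\dmgr.exe, the USB autorun pattern behind the MountPoints2 entry). It also checks a Firefox prefs.js for the manual 127.0.0.1:445 proxy the fix removed, which is what left Firefox sitting on a blank page. The sample OTL lines are copied from the log above, except the H: entry, whose size and timestamp are constructed around the path the fix log reports; the prefs.js fragment is constructed from the three values the fix removed, and the APPDATA_KNOWN vendor list is an assumption for this example.

```python
"""Triage of OTL-style file entries and of a Firefox prefs.js proxy setting.
Added example for this thread; not code from OTL, ComboFix or the forum.
"""
import re
from datetime import datetime, timedelta

# One OTL file entry: [date time | size | attrs | C|M] (Company) -- path
# The company part is absent for directories and shown as "()" in the
# "No Company Name" section. It comes from the file's own version resource,
# so a dropped binary can claim "Microsoft Corporation" at will; never use
# it to clear an entry.
OTL_ENTRY = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
EXEC_EXT = (".exe", ".sys", ".dll", ".scr", ".com")
# Vendor folders normally found directly under Application Data on XP.
# Assumption for this example; extend it for the machine being triaged.
APPDATA_KNOWN = {"adobe", "macromedia", "microsoft", "mozilla", "google",
                 "sun", "identities", "real", "skype"}

# Lines copied from the OTL log above; the H: line is constructed (size/time
# invented, path taken from the fix log).
SAMPLE_OTL = r"""
[2010.07.14 12:11:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2010.07.11 09:27:28 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2010.07.10 08:52:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010.07.09 11:28:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Beok
[2010.07.09 09:31:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.08 16:51:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe
[2010.07.09 14:12:30 | 000,049,152 | -HS- | C] () -- H:\RECYCLER32\dmgr.exe
"""
# prefs.js fragment constructed from the three values the OTL fix removed.
SAMPLE_PREFS = """
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 445);
user_pref("network.proxy.type", 1);
"""


def parse_otl(text):
    """Turn OTL 'Files Created/Modified' lines into dicts; skips anything else."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.search(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y.%m.%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["company"] = (e["company"] or "").strip()
        e["is_dir"] = "D" in e["attrs"]
        entries.append(e)
    return entries


def triage(entries, scan_time=None, recent_days=14):
    """Return (path, reason) pairs for the three patterns seen in this thread."""
    if scan_time is None:                      # default: newest entry in the log
        scan_time = max(e["ts"] for e in entries)
    cutoff = scan_time - timedelta(days=recent_days)
    findings = []
    for e in entries:
        path = e["path"]
        parts = path.lower().split("\\")
        name = parts[-1]
        # 1. Executable written straight into System32 (not dllcache) recently.
        if (parts[:3] == ["c:", "windows", "system32"] and "dllcache" not in parts
                and name.endswith(EXEC_EXT) and e["ts"] >= cutoff):
            findings.append((path, "recent executable in System32"))
        # 2. Short random-looking folder created directly under Application Data.
        if (e["is_dir"] and len(parts) >= 2
                and parts[-2] in ("anwendungsdaten", "application data")
                and name not in APPDATA_KNOWN and re.fullmatch(r"[a-z]{3,8}", name)):
            findings.append((path, "random-looking folder in Application Data"))
        # 3. Executable inside a RECYCLER-like folder on another drive (USB worm pattern).
        if (parts[0] != "c:" and name.endswith(EXEC_EXT)
                and any(p.startswith("recycler") for p in parts[1:-1])):
            findings.append((path, "executable under RECYCLER folder on removable drive"))
    return findings


PREF_LINE = re.compile(
    r'user_pref\("(?P<key>network\.proxy\.[a-z_]+)",\s*(?P<val>"[^"]*"|\d+)\);')


def firefox_proxy_hijack(prefs_js):
    """Report a manual HTTP proxy in prefs.js; a loopback proxy explains 'blank page' browsing."""
    prefs = {m["key"]: m["val"].strip('"') for m in PREF_LINE.finditer(prefs_js)}
    if prefs.get("network.proxy.type") != "1":  # 1 = manual proxy configuration
        return None
    host = prefs.get("network.proxy.http", "")
    port = prefs.get("network.proxy.http_port", "")
    return {"proxy": f"{host}:{port}", "loopback": host in ("127.0.0.1", "localhost", "0.0.0.0")}


def run_sample():
    """Triage the embedded samples; returns (sorted flagged paths, proxy finding)."""
    flagged = sorted({p for p, _ in triage(parse_otl(SAMPLE_OTL))})
    return flagged, firefox_proxy_hijack(SAMPLE_PREFS)


if __name__ == "__main__":
    for path, reason in triage(parse_otl(SAMPLE_OTL)):
        print(f"{reason:55} {path}")
    print(firefox_proxy_hijack(SAMPLE_PREFS))
```

The output is a list to look at, not a verdict: ieencode.dll from the IE8 reinstall is flagged by rule 1 just as stu2.exe is, and only the date, the name and a hash lookup separate the two. That is also why the company field is parsed but never used to whitelist anything.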
09:30:12:254 2448 ================================================================================
09:30:12:254 2448 SystemInfo:
09:30:12:254 2448 OS Version: 5.1.2600 ServicePack: 3.0
09:30:12:254 2448 Product type: Workstation
09:30:12:254 2448 ComputerName: MAIN-1B84F08B18
09:30:12:254 2448 UserName: Admin
09:30:12:254 2448 Windows directory: C:\WINDOWS
09:30:12:254 2448 System windows directory: C:\WINDOWS
09:30:12:254 2448 Processor architecture: Intel x86
09:30:12:254 2448 Number of processors: 2
09:30:12:254 2448 Page size: 0x1000
09:30:12:254 2448 Boot type: Normal boot
09:30:12:254 2448 ================================================================================
09:30:12:504 2448 Initialize success
09:30:12:504 2448
09:30:12:504 2448 Scanning Services ...
09:30:12:847 2448 Raw services enum returned 296 services
09:30:12:863 2448
09:30:12:863 2448 Scanning Drivers ...
09:30:14:097 2448 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:30:14:144 2448 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:30:14:191 2448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:30:14:269 2448 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:30:14:316 2448 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
09:30:14:410 2448 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:30:14:566 2448 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
09:30:14:613 2448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:30:14:644 2448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:30:14:691 2448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:30:14:754 2448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:30:14:832 2448 avgio (df0641db51e14ca0f2f48d992f934d06) C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
09:30:14:863 2448 avgntflt (f12cb3e0a3c737f05d88dd7239f03edc) C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
09:30:14:925 2448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:30:14:957 2448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:30:14:972 2448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:30:15:019 2448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:30:15:050 2448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:30:15:113 2448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:30:15:160 2448 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
09:30:15:175 2448 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
09:30:15:191 2448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys