
Pests of all kinds and how to fight them: wuaucld.exe, please help quickly!

09.06.2010, 21:24   #1
Hannibal2803

wuaucld.exe, please help quickly!



Hello, I received a message on Schuelervz with the following content:
"Hello, is this you
h**p://xx.xxx.190.177/picload/2806party.php"

I was surprised that the extension was .php instead of .jpg, but I clicked it anyway, since I didn't expect a virus from that person. A pixelated image opened in a new tab with a message saying I should allow Java.
Since the yfrog site seemed trustworthy to me, I left the "always trust..." checkbox ticked. Well, nothing happened, except that "Windows Defender" opened.

I noticed that the same message had suddenly been sent "by itself" to my friends list.

After a reboot my system started acting up (DNS problems, flooding at 25 Mbit/s to my router...)

When my internet stopped working entirely, I installed a network monitor, which showed me that an unknown application was uploading a huge amount of data. Directly below it was a file named "wuaucld.exe"; I googled briefly and killed the process. Suddenly the flooding was gone.

I uploaded the file to VirusTotal, result: 0/41 =(
A full Avira & Kaspersky scan also found nothing.

On a website I then found:
Quote:

Hello,

I took a closer look at this thing (someone I know was also "dumb" enough, to put it mildly, and clicked on it). It is a "program" that downloads a further program and saves it in system32 (wuaucld.exe). This "wuaucld.exe" is then registered as a service on your system + started, disguised as Windows Defender. The downloaded second "program" is a password stealer + key stealer, meaning all the passwords saved in your Firefox, IE, etc. are read out and sent away, and the same happens with the CD keys of your programs and games. In addition, it looks as if the virus adds your PC to a botnet (I'm only 80%-85% sure) and it is not detected by any antivirus program (according to a scan on virustotal.com). And best of all, the virus logs into your schüler-, studi-, meinvz.net accounts, as well as your schüler.cc and lokalisten.de accounts, and sends itself on to your friends! Short info about me: I'm a software developer and spent some time on "reverse engineering", so I know a "bit" about this and was able to find out this info. If anyone has further questions, just post here, I'll definitely stop by again in the next few days.

Kind regards
Source: h**p://w*w.gutefrage.net/frage/virus-hilfe-bitte-h**p-92-241-190-177-picload-2806party-php

Botnet: matches the flooding
SVZ, MVZ.. login matches too
File location/name: matches too

So, I just sent the file to Avira & Kaspersky by email.

Now I'd like to know whether one can find out if I have more malicious files (i.e. what exactly does the virus do), given the stealer mentioned above, because I have a lot of passwords saved in FF, and that's where the fun stops!

EDIT: HiJackThis
O23 - Service: Windows Defender Service (Windows Defender) - Unknown owner - C:\Windows\system32\wuaucld.exe (file missing)

Last edited by Hannibal2803 (09.06.2010 at 21:34)
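As an added example (not from the original post, from the quoted gutefrage.net text, or from HijackThis/OTL themselves): a small Python script that parses the kind of service lines HijackThis (O23) and OTL (SRV -) print and flags the two red flags this thread turns on. First, a registered service whose binary is missing or "File not found", which is what the O23 line above shows after the poster killed the process. Second, a service that calls itself "Windows Defender" but is not the genuine pairing of the internal service name WinDefend with MpSvc.dll that Windows 7 uses (a fact about Windows, not taken from the thread). The sample lines are constructed here, modelled on the lines quoted in this thread; the function names are the example's own.

```python
import re

# Constructed sample lines, modelled on the HijackThis "O23" and OTL "SRV -" lines
# quoted in this thread (not copied from a real scan).
SAMPLE_LINES = [
    r"O23 - Service: Windows Defender Service (Windows Defender) - Unknown owner - C:\Windows\system32\wuaucld.exe (file missing)",
    r"SRV - (Windows Defender) --  File not found",
    r"SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)",
    r"SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)",
    r"O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Programme\Windows Defender\MpSvc.dll",
]

# The genuine Windows 7 Defender service: internal name WinDefend, hosted in MpSvc.dll
# (a fact about Windows, not something taken from the thread).
GENUINE_DEFENDER_NAME = "windefend"
GENUINE_DEFENDER_FILE = "mpsvc.dll"

HJT_RE = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<path>.*)$")
OTL_RE = re.compile(r"^SRV - \((?P<name>[^)]+)\)(?P<display>.*?) -- (?P<path>.*)$")
FILE_RE = re.compile(r"[A-Za-z]:\\[^()]*?\.(?:exe|dll|sys)", re.IGNORECASE)
MISSING_RE = re.compile(r"file (?:missing|not found)", re.IGNORECASE)


def parse_service_line(line):
    """Parse one O23/SRV line into a dict; return None for any other line."""
    m = HJT_RE.match(line) or OTL_RE.match(line)
    if not m:
        return None
    path = m.group("path").strip()
    fm = FILE_RE.search(path)
    return {
        "name": m.group("name").strip(),
        "display": m.group("display").strip(),
        # bare lowercase file name of the service binary, "" if none is listed
        "file": fm.group(0).split("\\")[-1].lower() if fm else "",
        "missing": bool(MISSING_RE.search(path)),
    }


def find_issues(svc):
    """Return the list of red flags for one parsed service entry."""
    issues = []
    if svc["missing"]:
        # A registered service whose binary is gone is typical of malware that was
        # deleted or quarantined while its service registration was left behind.
        issues.append("binary missing")
    label = (svc["name"] + " " + svc["display"]).lower()
    claims_defender = "windows defender" in label or svc["name"].lower() == GENUINE_DEFENDER_NAME
    if claims_defender and (svc["name"].lower() != GENUINE_DEFENDER_NAME
                            or svc["file"] != GENUINE_DEFENDER_FILE):
        # Presents itself as Defender, but is not the WinDefend / MpSvc.dll pair.
        issues.append("impersonates Windows Defender")
    return issues


def triage_lines(lines):
    """Run every line through the parser and keep only entries with findings."""
    report = []
    for line in lines:
        svc = parse_service_line(line)
        if svc is None:
            continue
        issues = find_issues(svc)
        if issues:
            report.append({"name": svc["name"], "file": svc["file"], "issues": issues})
    return report


if __name__ == "__main__":
    for entry in triage_lines(SAMPLE_LINES):
        print(f"{entry['name']!r} ({entry['file'] or 'no file'}): {', '.join(entry['issues'])}")
```

Run against the constructed lines, only the two "Windows Defender" entries are reported: both carry "binary missing" and "impersonates Windows Defender", while the genuine WinDefend entry and the Avira service pass. The same two checks are what a helper does by eye when reading an O23 line: does the file exist, and does the name belong to the binary it points at.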

09.06.2010, 22:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

wuaucld.exe, please help quickly!

Hello and

Quote:
So, I just sent the file to Avira & Kaspersky by email.
That's good for a start
Please also upload it to us => http://www.trojaner-board.de/54791-a...ner-board.html

After that, please run a full scan with Malwarebytes and post the log. Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

09.06.2010, 23:37   #3
Hannibal2803

wuaucld.exe, please help quickly!



Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4184

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.06.2010 23:58:43
mbam-log-2010-06-09 (23-58-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135118
Laufzeit: 12 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
OTL logfile created on: 10.06.2010 00:00:45 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\***\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,15 Gb Total Space | 26,98 Gb Free Space | 28,96% Space Free | Partition Type: NTFS
Drive D: | 139,73 Gb Total Space | 89,60 Gb Free Space | 64,13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 962,07 Mb Total Space | 928,28 Mb Free Space | 96,49% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 a
Computer Name: HANNIBAL
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\Downloads\ArcaVirMicroScan\arcavirmicroscan.exe (ArcaBit)
PRC - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\NetBalancer\SeriousBit.NetBalancer.Service.exe (Microsoft)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Sandboxie\SandboxieCrypto.exe (tzuk)
PRC - C:\Programme\Sandboxie\SandboxieRpcSs.exe (tzuk)
PRC - C:\Programme\Sandboxie\SandboxieDcomLaunch.exe (tzuk)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Windows Defender) --  File not found
SRV - (NetBalancer Windows Service) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe (Microsoft)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (Nbdrv) -- C:\Windows\System32\drivers\nbdrv.sys (SeriousBit)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech                  )
DRV - (ABndisMP) -- C:\Windows\System32\drivers\abndis.sys (ArcaBit)
DRV - (ABndis) -- C:\Windows\System32\drivers\abndis.sys (ArcaBit)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ASUS)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()
DRV - (AF05BDA) -- C:\Windows\System32\drivers\AF05BDA.sys (AfaTech                  )
DRV - (TS111_USB) -- C:\Windows\System32\drivers\TS111USB.sys (Deutsche Telekom AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 CC 9F 5F 43 E5 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = bbs2isa:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.backup.ftp: "bbs2isa"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "bbs2isa"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "bbs2isa"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "bbs2isa"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "bbs2isa"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "bbs2isa"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "bbs2isa"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "bbs2isa"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "bbs2isa"
FF - prefs.js..network.proxy.ssl_port: 8080
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.29 13:12:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.03 18:53:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.05 16:58:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.03 18:53:32 | 000,000,000 | ---D | M]
 
[2010.04.28 17:42:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.04.28 17:42:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.09 19:42:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b4hi09sa.default\extensions
[2010.05.31 19:27:34 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b4hi09sa.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.05.29 20:32:43 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b4hi09sa.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010.05.27 16:15:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b4hi09sa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.02 13:03:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b4hi09sa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.25 20:18:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b4hi09sa.default\extensions\illimitux@illimitux.net
[2010.06.09 19:42:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.09 14:36:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.09 19:34:18 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\arcabit@www.arcabit.pl
[2010.06.09 14:36:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.08 17:13:31 | 000,403,788 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 13964 more lines...
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [NetBalancer] C:\Programme\NetBalancer\SeriousBit.NetBalancer.Tray.exe (SeriousBit)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll File not found
O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.09 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.06.09 23:45:11 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.06.09 23:44:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.09 23:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.09 23:44:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.09 23:44:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.09 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ArcaVirMicroScan
[2010.06.09 21:16:32 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010.06.09 21:07:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.09 19:34:18 | 000,034,312 | ---- | C] (ArcaBit) -- C:\Windows\System32\drivers\abndis.sys
[2010.06.09 19:33:39 | 000,000,000 | ---D | C] -- C:\Programme\ArcaBit
[2010.06.09 19:31:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.06.09 18:46:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SeriousBit
[2010.06.09 18:42:49 | 000,028,776 | ---- | C] (SeriousBit) -- C:\Windows\System32\drivers\nbdrv.sys
[2010.06.09 18:42:48 | 000,000,000 | ---D | C] -- C:\Programme\NetBalancer
[2010.06.09 17:39:12 | 001,178,112 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2010.06.09 17:39:12 | 001,178,112 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2010.06.09 17:39:12 | 000,000,000 | ---D | C] -- C:\Programme\Atheros
[2010.06.09 17:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010.06.09 17:38:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ndis6xWin7
[2010.06.09 17:38:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Install_CD
[2010.06.09 14:37:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.06.09 14:36:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.06.09 14:36:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.06.09 14:36:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.06.09 14:36:10 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.06.09 14:11:45 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.06.09 12:09:10 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.09 12:09:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.09 12:09:06 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.09 12:09:05 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.09 12:09:05 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.09 12:09:05 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.09 12:08:29 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.09 12:08:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.09 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++
[2010.06.09 11:40:21 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++
[2010.06.08 13:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.06.08 13:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.07 20:40:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MetaGeek,_LLC
[2010.06.07 20:37:49 | 000,000,000 | ---D | C] -- C:\Programme\MetaGeek
[2010.06.07 09:58:44 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene virtuelle Computer
[2010.06.07 09:47:36 | 000,229,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMM.sys
[2010.06.06 21:03:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Virtual PC
[2010.06.06 20:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Siemens
[2010.06.06 20:16:56 | 000,000,000 | ---D | C] -- C:\Windows\TempRASETUP
[2010.06.06 20:15:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2010.06.06 19:53:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\FFOutput
[2010.06.05 19:56:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner (2)
[2010.06.05 18:03:35 | 000,000,000 | ---D | C] -- C:\Programme\IPACS
[2010.06.05 17:36:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\BS
[2010.06.05 16:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.06.05 16:01:51 | 000,000,000 | ---D | C] -- C:\Programme\AC3D 6.5.28
[2010.06.05 14:49:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.06.05 14:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.06.05 14:10:53 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2010.06.05 14:08:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2010.06.05 11:33:51 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Research
[2010.06.05 11:28:54 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\WPanorama
[2010.06.04 14:47:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SKIDROW
[2010.06.03 19:14:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DivX
[2010.06.03 18:58:34 | 000,000,000 | ---D | C] -- C:\divx
[2010.06.03 18:53:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.06.03 18:53:12 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.06.03 18:49:13 | 000,000,000 | ---D | C] -- C:\Programme\Sandboxie
[2010.06.03 18:09:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ManyCam
[2010.06.03 18:09:43 | 000,000,000 | ---D | C] -- C:\Programme\ManyCam 2.4
[2010.06.03 18:09:34 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2010.06.03 14:54:27 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.01 13:06:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mumble
[2010.06.01 13:05:45 | 000,000,000 | ---D | C] -- C:\Programme\Mumble
[2010.06.01 11:50:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Internet
[2010.05.31 13:41:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\avidemux
[2010.05.31 13:21:23 | 000,000,000 | ---D | C] -- C:\Programme\Xvid
[2010.05.31 13:17:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MPEG Streamclip
[2010.05.30 18:23:28 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010.05.30 18:23:27 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010.05.30 18:23:23 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media-Komponenten
[2010.05.30 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.purple
[2010.05.29 14:55:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ChristmasBound
[2010.05.28 21:20:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogMeIn Hamachi
[2010.05.28 21:20:14 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi
[2010.05.28 13:01:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.05.27 17:58:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nvu
[2010.05.27 16:16:36 | 000,000,000 | ---D | C] -- C:\Users\***\dwhelper
[2010.05.26 20:31:56 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft3.dll
[2010.05.26 20:31:56 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\System32\tm20dec.ax
[2010.05.26 20:31:56 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LMRTREND.dll
[2010.05.26 20:31:53 | 000,217,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\strmdll.dll
[2010.05.26 20:31:53 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unam4ie.exe
[2010.05.26 20:31:52 | 001,088,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\danim.dll
[2010.05.26 20:31:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz.drv
[2010.05.26 20:31:51 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcut.dll
[2010.05.26 20:31:49 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w95inf32.dll
[2010.05.26 20:31:49 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w95inf16.dll
[2010.05.26 20:31:24 | 000,000,000 | ---D | C] -- C:\Programme\Team17
[2010.05.26 20:30:42 | 000,315,904 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.05.26 11:35:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.25 14:35:41 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2010.05.24 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2010.05.24 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2010.05.24 18:18:34 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.05.23 20:53:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Winamp
[2010.05.22 15:09:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wally
[2010.05.22 00:21:09 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2010.05.20 16:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TerraTec
[2010.05.20 16:39:41 | 001,047,552 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71u.dll
[2010.05.20 16:39:41 | 000,061,440 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71ITA.DLL
[2010.05.20 16:39:41 | 000,061,440 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71FRA.DLL
[2010.05.20 16:39:41 | 000,061,440 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71ESP.DLL
[2010.05.20 16:39:41 | 000,057,344 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71ENU.DLL
[2010.05.20 16:39:41 | 000,049,152 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71KOR.DLL
[2010.05.20 16:39:41 | 000,049,152 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71JPN.DLL
[2010.05.20 16:39:40 | 001,060,864 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.dll
[2010.05.20 16:39:40 | 000,065,536 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71DEU.DLL
[2010.05.20 16:39:40 | 000,045,056 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71CHT.DLL
[2010.05.20 16:39:40 | 000,040,960 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71CHS.DLL
[2010.05.20 16:38:47 | 000,000,000 | ---D | C] -- C:\Programme\TerraTec
[2010.05.20 16:36:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TerraTec
[2010.05.20 16:34:42 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2010.05.20 16:11:48 | 000,489,952 | ---- | C] (ITETech                  ) -- C:\Windows\System32\drivers\AF15BDA.sys
[2010.05.20 16:11:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TerraTec
[2010.05.19 17:29:08 | 000,000,000 | ---D | C] -- C:\Programme\Super Mario Blue Twilight DX
[2010.05.18 16:56:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TechSmith
[2010.05.18 10:57:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2010.05.18 10:57:19 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.05.17 19:50:34 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Scanned Documents
[2010.05.17 19:50:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax
[2010.05.17 15:44:04 | 000,000,000 | ---D | C] -- C:\xampplite
[2010.05.17 11:33:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\fretsonfire
[2010.05.17 11:27:59 | 000,000,000 | ---D | C] -- C:\Programme\Frets on Fire
[2010.05.15 15:53:06 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010.05.15 15:53:06 | 000,318,976 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.05.15 15:53:03 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.05.15 15:53:03 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.05.15 15:53:01 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2010.05.15 12:48:48 | 000,000,000 | ---D | C] -- C:\Programme\ASUS
[2010.05.15 12:48:06 | 000,000,000 | ---D | C] -- C:\Programme\ATKGFNEX
[2010.05.15 12:47:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.05.15 12:47:33 | 000,014,392 | ---- | C] (ASUS) -- C:\Windows\System32\drivers\ATKACPI.sys
[2010.05.13 14:41:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bilder
[2010.05.13 14:22:42 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Aspyr
[2010.05.13 14:22:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Aspyr
[2010.05.13 14:11:03 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010.05.13 14:11:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010.05.13 14:11:03 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010.05.13 14:11:00 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010.05.13 14:10:59 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010.05.13 14:10:59 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.05.13 14:10:59 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010.05.13 14:10:59 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.05.13 14:10:59 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010.05.13 14:10:59 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.05.13 14:10:59 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010.05.13 14:10:58 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.05.13 14:10:58 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.05.13 14:10:58 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.05.13 14:10:58 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.05.13 14:10:58 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010.05.13 14:10:55 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.05.13 14:10:55 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.05.13 14:10:55 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.05.13 14:10:55 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.05.13 14:10:54 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.05.13 14:10:53 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.05.13 14:10:53 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.05.13 14:10:53 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.05.13 14:10:53 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.05.13 14:10:53 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.05.13 14:10:51 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.05.13 14:10:51 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.05.13 14:10:49 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.05.13 14:10:49 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.05.13 14:10:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.05.13 14:10:38 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.05.13 14:10:37 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.05.13 14:10:37 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.05.13 14:10:37 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.05.13 14:10:36 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.05.13 14:10:36 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.05.13 14:10:36 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.05.13 14:10:35 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.05.12 12:40:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\streamripper
[2010.05.12 12:40:46 | 000,000,000 | ---D | C] -- C:\Programme\Streamripper
[2010.05.11 20:55:37 | 000,000,000 | ---D | C] -- C:\Programme\SHOUTcast
[2010.05.11 12:20:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Rechnungen
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.10 00:03:31 | 006,029,312 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.06.10 00:02:30 | 001,506,168 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.10 00:02:30 | 000,658,206 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.10 00:02:30 | 000,617,536 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.10 00:02:30 | 000,132,886 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.10 00:02:30 | 000,109,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.09 23:45:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.06.09 23:44:47 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 23:08:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3876224472-4217357141-984306666-1000UA.job
[2010.06.09 22:53:57 | 000,001,426 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.06.09 22:04:34 | 000,000,875 | ---- | M] () -- C:\Users\***\Desktop\ArcaVirMicroScan.lnk
[2010.06.09 21:37:32 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 21:37:32 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 21:29:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.09 21:29:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.09 21:29:03 | 2213,945,344 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.09 21:13:10 | 000,001,067 | ---- | M] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk
[2010.06.09 19:37:44 | 000,021,504 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010.06.09 19:37:06 | 000,030,660 | ---- | M] () -- C:\Users\***\Desktop\wuaucld pw_secretfail.rar
[2010.06.09 18:42:49 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\NetBalancer Tray.lnk
[2010.06.09 18:42:49 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\NetBalancer.lnk
[2010.06.09 18:24:53 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.06.09 18:24:52 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.06.09 16:31:30 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.06.09 14:36:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.06.09 14:36:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.06.09 14:36:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.06.09 14:36:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.06.09 14:18:58 | 003,712,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.09 13:08:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3876224472-4217357141-984306666-1000Core.job
[2010.06.08 20:54:56 | 000,070,701 | ---- | M] () -- C:\Users\***\Desktop\*** Meinhardt.docx
[2010.06.08 17:13:31 | 000,403,788 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.08 13:39:38 | 000,001,216 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2010.06.07 19:25:54 | 000,002,283 | ---- | M] () -- C:\Users\***\Desktop\RSS Feed.php
[2010.06.07 09:47:36 | 000,229,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMM.sys
[2010.06.05 17:45:13 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010.06.05 16:02:00 | 000,000,964 | ---- | M] () -- C:\Users\***\Desktop\AC3D.lnk
[2010.06.05 14:17:48 | 000,087,832 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.05 14:17:43 | 000,001,165 | ---- | M] () -- C:\Users\***\Desktop\Adobe Photoshop CS5.lnk
[2010.06.05 14:01:22 | 000,000,854 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100608-171331.backup
[2010.06.03 17:37:12 | 000,018,908 | ---- | M] () -- C:\Users\***\Desktop\0800 5 251378.docx
[2010.06.01 15:31:06 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2010.06.01 14:34:35 | 000,005,632 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.01 14:21:17 | 000,001,136 | ---- | M] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
[2010.06.01 14:21:02 | 000,000,966 | ---- | M] () -- C:\Users\***\Desktop\Teamspeak RC2.lnk
[2010.06.01 13:06:07 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.05.30 18:20:02 | 000,005,663 | ---- | M] () -- C:\Users\***\Desktop\xD.camproj
[2010.05.30 17:01:53 | 000,051,934 | ---- | M] () -- C:\Users\***\Desktop\sc.png
[2010.05.29 22:34:23 | 000,000,629 | ---- | M] () -- C:\Windows\win.ini
[2010.05.27 23:24:10 | 000,000,272 | ---- | M] () -- C:\Users\***\Documents\ax_files.xml
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.26 20:31:49 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w95inf32.dll
[2010.05.26 20:31:49 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w95inf16.dll
[2010.05.21 15:34:29 | 000,000,056 | ---- | M] () -- C:\Windows\IMAGEIN.INI
[2010.05.21 07:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.05.20 10:44:08 | 000,025,600 | ---- | M] () -- C:\Users\***\Desktop\Lebenslauf3.doc
[2010.05.15 00:04:00 | 000,028,776 | ---- | M] (SeriousBit) -- C:\Windows\System32\drivers\nbdrv.sys
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.09 23:44:47 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 22:04:34 | 000,000,875 | ---- | C] () -- C:\Users\***\Desktop\ArcaVirMicroScan.lnk
[2010.06.09 21:13:42 | 000,001,067 | ---- | C] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk
[2010.06.09 21:13:39 | 000,001,426 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.06.09 19:37:03 | 000,030,660 | ---- | C] () -- C:\Users\***\Desktop\wuaucld pw_secretfail.rar
[2010.06.09 18:42:49 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\NetBalancer Tray.lnk
[2010.06.09 18:42:49 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\NetBalancer.lnk
[2010.06.09 17:39:12 | 000,283,357 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2010.06.09 17:39:12 | 000,048,514 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2010.06.08 17:39:20 | 000,070,701 | ---- | C] () -- C:\Users\***\Desktop\*** Meinhardt.docx
[2010.06.08 13:39:38 | 000,001,216 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2010.06.07 19:25:53 | 000,002,283 | ---- | C] () -- C:\Users\***\Desktop\RSS Feed.php
[2010.06.05 17:43:07 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010.06.05 16:04:14 | 000,007,264 | ---- | C] () -- C:\Users\***\ac3dprefs.txt
[2010.06.05 16:02:00 | 000,000,964 | ---- | C] () -- C:\Users\***\Desktop\AC3D.lnk
[2010.06.05 15:47:29 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.06.05 14:17:43 | 000,001,165 | ---- | C] () -- C:\Users\***\Desktop\Adobe Photoshop CS5.lnk
[2010.06.03 15:14:52 | 000,018,908 | ---- | C] () -- C:\Users\***\Desktop\0800 5 251378.docx
[2010.06.01 14:21:17 | 000,001,136 | ---- | C] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
[2010.06.01 14:21:02 | 000,000,966 | ---- | C] () -- C:\Users\***\Desktop\Teamspeak RC2.lnk
[2010.06.01 13:06:07 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.05.31 13:21:23 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.05.31 13:21:23 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.05.31 13:21:23 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2010.05.30 18:20:02 | 000,005,663 | ---- | C] () -- C:\Users\***\Desktop\xD.camproj
[2010.05.26 20:31:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010.05.26 20:31:52 | 000,005,672 | ---- | C] () -- C:\Windows\System32\quartz.vxd
[2010.05.23 23:25:43 | 000,051,934 | ---- | C] () -- C:\Users\***\Desktop\sc.png
[2010.05.22 15:20:14 | 000,005,632 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.21 15:34:29 | 000,000,056 | ---- | C] () -- C:\Windows\IMAGEIN.INI
[2010.05.18 13:03:12 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3876224472-4217357141-984306666-1000UA.job
[2010.05.18 13:03:12 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3876224472-4217357141-984306666-1000Core.job
[2010.05.15 15:53:03 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.05.03 14:53:25 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.03 14:53:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.04.28 14:20:36 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:64217CD0
< End of report >

Old 09.06.2010, 23:38   #4
Hannibal2803

wuaucld.exe please help quickly! - Standard

Sorry for the double post, but it didn't fit in one.

Code:
OTL Extras logfile created on: 10.06.2010 00:00:45 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\***\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,15 Gb Total Space | 26,98 Gb Free Space | 28,96% Space Free | Partition Type: NTFS
Drive D: | 139,73 Gb Total Space | 89,60 Gb Free Space | 64,13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 962,07 Mb Total Space | 928,28 Mb Free Space | 96,49% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HANNIBAL
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3017C288-2300-4FFE-9CD8-EC59ACABBD45}" = ResizeMyPhotos
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{882C685B-3735-452E-9B77-D562A6A6AFE3}" = inSSIDer
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3DAC196-8487-4E2E-94F3-9CBE361EB712}" = Microsoft Image Composite Editor
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"AC3D 6.5.28_is1" = AC3D 6.5.28
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cinergy T Stick MKII" = Cinergy T Stick MKII V9.06.3.01
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Derive 6" = Derive 6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps (remove only)
"Frets on Fire" = Frets On Fire
"GOM Player" = GOM Player
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Mumble" = Mumble and Murmur
"NetBalancer_is1" = NetBalancer
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.1
"Sandboxie" = Sandboxie 3.44
"SCDNAS" = SHOUTcast DNAS (remove only)
"Steam App 10" = Counter-Strike
"Steam App 80" = Counter-Strike: Condition Zero
"Streamripper" = Streamripper (Remove only)
"Super Mario: Blue Twilight DX (v1.03)" = Super Mario: Blue Twilight DX (v1.03)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"TrueCrypt" = TrueCrypt
"wdfs2008_is1" = WISSEN DIGITAL 3D Führerschein Trainer 2009
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
"Worms Armageddon" = Worms Armageddon
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.06.2010 14:08:08 | Computer Name = Hannibal | Source = SeriousBit NetBalancer 2.0.3 Free | ID = 0
Description = System.FormatException: Die Eingabezeichenfolge hat das falsche Format.

   bei System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer&
 number, NumberFormatInfo info, Boolean parseDecimal)     bei System.Number.ParseInt32(String
 s, NumberStyles style, NumberFormatInfo info)     bei dp..cctor()
 
Error - 09.06.2010 14:08:20 | Computer Name = Hannibal | Source = SeriousBit NetBalancer 2.0.3 Free | ID = 0
Description = System.FormatException: Die Eingabezeichenfolge hat das falsche Format.

   bei System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer&
 number, NumberFormatInfo info, Boolean parseDecimal)     bei System.Number.ParseInt32(String
 s, NumberStyles style, NumberFormatInfo info)     bei dp..cctor()
 
Error - 09.06.2010 14:08:24 | Computer Name = Hannibal | Source = SeriousBit NetBalancer 2.0.3 Free | ID = 0
Description = System.FormatException: Die Eingabezeichenfolge hat das falsche Format.

   bei System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer&
 number, NumberFormatInfo info, Boolean parseDecimal)     bei System.Number.ParseInt32(String
 s, NumberStyles style, NumberFormatInfo info)     bei dp..cctor()
 
Error - 09.06.2010 14:10:29 | Computer Name = Hannibal | Source = Google Update | ID = 20
Description = 
 
Error - 09.06.2010 14:34:08 | Computer Name = Hannibal | Source = SeriousBit NetBalancer 2.0.3 Free | ID = 0
Description = System.FormatException: Die Eingabezeichenfolge hat das falsche Format.

   bei System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer&
 number, NumberFormatInfo info, Boolean parseDecimal)     bei System.Number.ParseInt32(String
 s, NumberStyles style, NumberFormatInfo info)     bei dp..cctor()
 
Error - 09.06.2010 14:35:04 | Computer Name = Hannibal | Source = SeriousBit NetBalancer 2.0.3 Free | ID = 0
Description = System.Net.WebException: Der Remotename konnte nicht aufgelöst werden:
 'seriousbit.com'     bei System.Net.HttpWebRequest.GetResponse()     bei b0.a()     bei
 b0.b()
 
Error - 09.06.2010 14:48:54 | Computer Name = Hannibal | Source = SeriousBit NetBalancer 2.0.3 Free | ID = 0
Description = System.FormatException: Die Eingabezeichenfolge hat das falsche Format.

   bei System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer&
 number, NumberFormatInfo info, Boolean parseDecimal)     bei System.Number.ParseInt32(String
 s, NumberStyles style, NumberFormatInfo info)     bei dp..cctor()
 
Error - 09.06.2010 15:06:44 | Computer Name = Hannibal | Source = SeriousBit NetBalancer 2.0.3 Free | ID = 0
Description = System.FormatException: Die Eingabezeichenfolge hat das falsche Format.

   bei System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer&
 number, NumberFormatInfo info, Boolean parseDecimal)     bei System.Number.ParseInt32(String
 s, NumberStyles style, NumberFormatInfo info)     bei dp..cctor()
 
Error - 09.06.2010 15:30:24 | Computer Name = Hannibal | Source = SeriousBit NetBalancer 2.0.3 Free | ID = 0
Description = System.FormatException: Die Eingabezeichenfolge hat das falsche Format.

   bei System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer&
 number, NumberFormatInfo info, Boolean parseDecimal)     bei System.Number.ParseInt32(String
 s, NumberStyles style, NumberFormatInfo info)     bei dp..cctor()
 
Error - 09.06.2010 16:49:08 | Computer Name = Hannibal | Source = SeriousBit NetBalancer 2.0.3 Free | ID = 0
Description = System.FormatException: Die Eingabezeichenfolge hat das falsche Format.

   bei System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer&
 number, NumberFormatInfo info, Boolean parseDecimal)     bei System.Number.ParseInt32(String
 s, NumberStyles style, NumberFormatInfo info)     bei dp..cctor()
 
[ Media Center Events ]
Error - 11.05.2010 04:10:30 | Computer Name = Hannibal | Source = MCUpdate | ID = 0
Description = 10:10:30 - Fehler beim Herstellen der Internetverbindung.  10:10:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.05.2010 04:10:47 | Computer Name = Hannibal | Source = MCUpdate | ID = 0
Description = 10:10:35 - Fehler beim Herstellen der Internetverbindung.  10:10:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.05.2010 05:10:58 | Computer Name = Hannibal | Source = MCUpdate | ID = 0
Description = 11:10:58 - Fehler beim Herstellen der Internetverbindung.  11:10:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.05.2010 05:11:12 | Computer Name = Hannibal | Source = MCUpdate | ID = 0
Description = 11:11:03 - Fehler beim Herstellen der Internetverbindung.  11:11:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.05.2010 02:10:16 | Computer Name = Hannibal | Source = MCUpdate | ID = 0
Description = 08:10:16 - Fehler beim Herstellen der Internetverbindung.  08:10:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.05.2010 02:10:32 | Computer Name = Hannibal | Source = MCUpdate | ID = 0
Description = 08:10:21 - Fehler beim Herstellen der Internetverbindung.  08:10:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.05.2010 03:11:08 | Computer Name = Hannibal | Source = MCUpdate | ID = 0
Description = 09:11:08 - Fehler beim Herstellen der Internetverbindung.  09:11:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.05.2010 03:11:47 | Computer Name = Hannibal | Source = MCUpdate | ID = 0
Description = 09:11:38 - Fehler beim Herstellen der Internetverbindung.  09:11:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.05.2010 10:42:28 | Computer Name = Hannibal | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) Cinergy 
T-Stick MKII Tuner
 
Error - 20.05.2010 10:47:30 | Computer Name = Hannibal | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Cinergy 
T-Stick MKII Tuner
 
[ OSession Events ]
Error - 11.05.2010 08:53:06 | Computer Name = Hannibal | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.06.2010 11:36:53 | Computer Name = Hannibal | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1222
 seconds with 840 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.06.2010 14:48:54 | Computer Name = Hannibal | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Defender Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 09.06.2010 15:29:18 | Computer Name = Hannibal | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.06.2010 um 21:26:36 unerwartet heruntergefahren.
 
Error - 09.06.2010 15:28:57 | Computer Name = Hannibal | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 09.06.2010 15:29:09 | Computer Name = Hannibal | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 09.06.2010 15:29:23 | Computer Name = Hannibal | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.06.2010 15:29:37 | Computer Name = Hannibal | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Defender Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 09.06.2010 15:30:52 | Computer Name = Hannibal | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 09.06.2010 15:31:08 | Computer Name = Hannibal | Source = Service Control Manager | ID = 7034
Description = Dienst "LogMeIn Hamachi 2.0 Tunneling Engine" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 09.06.2010 15:32:46 | Computer Name = Hannibal | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 09.06.2010 15:33:00 | Computer Name = Hannibal | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
 
< End of report >
         

Old 10.06.2010, 08:59   #5
Hannibal2803



Mail from Kaspersky:
Code:
Hello,

wuaucld.exe - Trojan-PSW.MSIL.NetPass.aj

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.
         


Old 10.06.2010, 09:17   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please run a full scan with Malwarebytes.

Old 10.06.2010, 10:45   #7
Hannibal2803



Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4185

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.06.2010 11:43:47
mbam-log-2010-06-10 (11-43-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 342388
Laufzeit: 1 Stunde(n), 24 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Old 10.06.2010, 11:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Looks relatively unremarkable. Please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Run cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

Old 10.06.2010, 11:47   #9
Hannibal2803



Code:
ComboFix 10-06-09.02 - *** 10.06.2010  12:24:38.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2815.2121 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\%appdata%
c:\windows\system32\AVSredirect.dll

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Windows Defender


(((((((((((((((((((((((   Dateien erstellt von 2010-05-10 bis 2010-06-10  ))))))))))))))))))))))))))))))
.

2010-06-09 22:39 . 2010-06-09 22:39	--------	d-----w-	c:\users\***\AppData\Roaming\ArcaBit
2010-06-09 21:45 . 2010-06-09 21:45	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-06-09 21:44 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 21:44 . 2010-06-09 21:44	--------	d-----w-	c:\programdata\Malwarebytes
2010-06-09 21:44 . 2010-06-09 21:44	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-09 21:44 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-09 19:51 . 2010-06-09 20:10	--------	d-----w-	c:\users\***\AppData\Roaming\ArcaVirMicroScan
2010-06-09 19:16 . 2010-06-09 19:16	--------	d-----r-	C:\Sandbox
2010-06-09 17:34 . 2009-09-18 12:48	34312	----a-w-	c:\windows\system32\drivers\abndis.sys
2010-06-09 17:33 . 2010-06-09 19:08	--------	d-----w-	c:\program files\ArcaBit
2010-06-09 17:31 . 2010-06-09 19:08	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-06-09 16:46 . 2010-06-09 16:46	--------	d-----w-	c:\users\***\AppData\Roaming\SeriousBit
2010-06-09 16:42 . 2010-05-14 22:04	28776	----a-w-	c:\windows\system32\drivers\nbdrv.sys
2010-06-09 16:42 . 2010-06-09 16:45	--------	d-----w-	c:\program files\NetBalancer
2010-06-09 15:39 . 2010-06-09 15:39	--------	d-----w-	c:\program files\Atheros
2010-06-09 15:39 . 2009-08-10 16:14	1178112	----a-w-	c:\windows\system32\drivers\athr.sys
2010-06-09 15:39 . 2009-08-10 16:14	1178112	----a-w-	c:\windows\system32\athr.sys
2010-06-09 15:39 . 2010-06-09 15:39	--------	d-----w-	c:\programdata\Atheros
2010-06-09 12:37 . 2010-06-09 12:37	--------	d-----w-	c:\program files\Common Files\Java
2010-06-09 12:36 . 2010-06-09 12:36	--------	d-----w-	c:\program files\Java
2010-06-09 10:09 . 2010-05-01 14:49	2326528	----a-w-	c:\windows\system32\win32k.sys
2010-06-09 10:09 . 2010-03-05 07:42	67584	----a-w-	c:\windows\system32\asycfilt.dll
2010-06-09 10:09 . 2010-05-21 05:18	977920	----a-w-	c:\windows\system32\wininet.dll
2010-06-09 10:08 . 2010-05-27 07:24	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-06-09 10:08 . 2010-05-27 03:49	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-06-09 09:40 . 2010-06-09 09:42	--------	d-----w-	c:\users\***\AppData\Roaming\Notepad++
2010-06-09 09:40 . 2010-06-09 09:40	--------	d-----w-	c:\program files\Notepad++
2010-06-08 11:39 . 2010-06-09 12:40	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-06-08 11:39 . 2010-06-08 11:40	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-06-07 18:40 . 2010-06-07 18:40	--------	d-----w-	c:\users\***\AppData\Local\MetaGeek,_LLC
2010-06-07 18:37 . 2010-06-07 18:37	--------	d-----w-	c:\program files\MetaGeek
2010-06-07 07:47 . 2010-06-07 07:47	229224	----a-w-	c:\windows\system32\drivers\VMM.sys
2010-06-06 19:03 . 2010-06-07 13:20	--------	d-----w-	c:\program files\Microsoft Virtual PC
2010-06-06 18:16 . 2010-06-06 18:19	--------	d-----w-	c:\windows\TempRASETUP
2010-06-06 18:15 . 2010-06-06 18:15	--------	d-----w-	c:\windows\system32\URTTEMP
2010-06-05 16:03 . 2010-06-05 16:03	--------	d-----w-	c:\program files\IPACS
2010-06-05 14:01 . 2010-06-05 14:01	--------	d-----w-	c:\program files\AC3D 6.5.28
2010-06-05 12:49 . 2010-06-05 12:49	--------	d-----w-	c:\users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-06-05 12:17 . 2010-06-05 12:17	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2010-06-05 12:10 . 2010-06-05 12:10	--------	d-----w-	c:\program files\Adobe Media Player
2010-06-05 12:08 . 2010-06-05 12:08	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-06-05 09:33 . 2010-06-05 09:33	--------	d-----w-	c:\program files\Microsoft Research
2010-06-04 12:47 . 2010-06-04 12:47	--------	d-----w-	c:\users\***\AppData\Local\SKIDROW
2010-06-03 17:14 . 2010-06-03 17:14	--------	d-----w-	c:\users\***\AppData\Roaming\DivX
2010-06-03 16:58 . 2010-06-03 17:02	--------	d-----w-	C:\divx
2010-06-03 16:53 . 2010-06-03 17:13	--------	d-----w-	c:\program files\DivX
2010-06-03 16:53 . 2010-06-03 16:53	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-06-03 16:49 . 2010-06-09 19:13	--------	d-----w-	c:\program files\Sandboxie
2010-06-03 16:09 . 2010-06-03 16:10	--------	d-----w-	c:\users\***\AppData\Roaming\ManyCam
2010-06-03 16:09 . 2010-06-03 16:10	--------	d-----w-	c:\program files\ManyCam 2.4
2010-06-03 16:09 . 2010-06-03 17:06	--------	d-----w-	c:\program files\Ask.com
2010-06-03 12:54 . 2010-06-03 12:54	--------	d-----w-	c:\program files\CCleaner
2010-06-01 11:06 . 2010-06-01 11:57	--------	d-----w-	c:\users\***\AppData\Roaming\Mumble
2010-06-01 11:05 . 2010-06-01 11:05	--------	d-----w-	c:\program files\Mumble
2010-05-31 11:41 . 2010-05-31 11:43	--------	d-----w-	c:\users\***\AppData\Roaming\avidemux
2010-05-31 11:21 . 2010-05-31 11:21	--------	d-----w-	c:\program files\Xvid
2010-05-31 11:21 . 2009-06-07 14:24	180224	----a-w-	c:\windows\system32\xvidvfw.dll
2010-05-31 11:21 . 2009-06-07 14:16	819200	----a-w-	c:\windows\system32\xvidcore.dll
2010-05-31 11:17 . 2010-05-31 11:17	--------	d-----w-	c:\users\***\AppData\Roaming\MPEG Streamclip
2010-05-30 16:23 . 2010-05-30 16:23	--------	d--h--w-	c:\windows\msdownld.tmp
2010-05-30 16:23 . 2010-05-30 16:23	--------	d-----w-	c:\program files\Windows Media-Komponenten
2010-05-30 16:13 . 2010-05-30 17:03	--------	d-----w-	c:\users\***\AppData\Roaming\.purple
2010-05-28 21:21 . 2010-05-28 21:22	--------	d-----w-	c:\users\Homepage\AppData\Local\LogMeIn Hamachi
2010-05-28 19:20 . 2010-06-03 18:22	--------	d-----w-	c:\users\***\AppData\Local\LogMeIn Hamachi
2010-05-28 19:20 . 2010-05-28 19:20	--------	d-----w-	c:\program files\LogMeIn Hamachi
2010-05-28 11:01 . 2010-06-09 20:56	--------	d-----w-	c:\users\***\AppData\Roaming\FileZilla
2010-05-27 15:58 . 2010-05-27 15:58	--------	d-----w-	c:\users\***\AppData\Roaming\Nvu
2010-05-27 14:16 . 2010-05-27 14:16	--------	d-----w-	c:\users\***\dwhelper
2010-05-26 18:31 . 1998-09-02 08:28	38160	----a-w-	c:\windows\system32\LMRTREND.dll
2010-05-26 18:31 . 1998-09-02 08:28	155408	----a-w-	c:\windows\system32\LMRT.dll
2010-05-26 18:31 . 1998-08-27 04:51	182032	----a-w-	c:\windows\system32\dxtmsft3.dll
2010-05-26 18:31 . 1998-09-02 08:28	63488	----a-w-	c:\windows\system32\unam4ie.exe
2010-05-26 18:31 . 1998-08-20 10:38	217984	----a-w-	c:\windows\system32\strmdll.dll
2010-05-26 18:31 . 1998-08-17 09:21	10240	----a-w-	c:\windows\system32\vidx16.dll
2010-05-26 18:31 . 1998-08-17 09:21	11776	----a-w-	c:\windows\system32\mciqtz.drv
2010-05-26 18:31 . 1998-09-02 08:02	194320	----a-w-	c:\windows\system32\qcut.dll
2010-05-26 18:31 . 2010-05-26 18:31	4608	----a-w-	c:\windows\system32\w95inf32.dll
2010-05-26 18:31 . 2010-05-26 18:31	2272	----a-w-	c:\windows\system32\w95inf16.dll
2010-05-26 18:31 . 2010-05-26 18:31	--------	d-----w-	c:\program files\Team17
2010-05-26 18:30 . 1997-08-26 10:06	315904	----a-w-	c:\windows\IsUninst.exe
2010-05-26 09:35 . 2010-04-23 07:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-05-25 12:35 . 2010-05-25 12:35	--------	d-----w-	c:\program files\TeamViewer
2010-05-24 16:18 . 2010-05-24 16:18	--------	d-----w-	c:\users\***\AppData\Local\Opera
2010-05-24 16:18 . 2010-05-24 16:18	--------	d-----w-	c:\program files\Opera
2010-05-21 22:21 . 2010-05-21 22:21	--------	d-----w-	c:\program files\MSXML 4.0
2010-05-20 14:39 . 2010-05-20 14:39	--------	d-----w-	c:\programdata\TerraTec
2010-05-20 14:39 . 2009-09-16 13:46	61440	------r-	c:\windows\system32\MFC71ITA.DLL
2010-05-20 14:39 . 2009-09-16 13:46	61440	------r-	c:\windows\system32\MFC71FRA.DLL
2010-05-20 14:39 . 2009-09-16 13:46	61440	------r-	c:\windows\system32\MFC71ESP.DLL
2010-05-19 15:29 . 2010-05-19 15:43	--------	d-----w-	c:\program files\Super Mario Blue Twilight DX
2010-05-18 14:56 . 2010-05-18 14:56	--------	d-----w-	c:\users\***\AppData\Local\TechSmith
2010-05-18 08:57 . 2010-05-18 11:39	--------	d-----w-	c:\users\***\AppData\Local\Google
2010-05-18 08:57 . 2010-05-19 09:42	--------	d-----w-	c:\program files\Google
2010-05-17 15:43 . 2010-05-17 15:43	--------	d-----w-	c:\users\Homepage\AppData\Roaming\teamspeak2
2010-05-17 15:11 . 2010-05-17 15:11	--------	d-----w-	c:\users\Homepage\AppData\Roaming\TeamViewer
2010-05-17 15:11 . 2010-05-17 15:11	--------	d-----w-	c:\users\Homepage\temp
2010-05-17 14:59 . 2010-05-28 21:30	--------	d-----w-	c:\users\Homepage\AppData\Roaming\NetSpeedMonitor
2010-05-17 13:44 . 2009-12-19 22:00	--------	d---a-w-	C:\xampplite
2010-05-17 09:33 . 2010-05-17 09:33	--------	d-----w-	c:\users\***\AppData\Roaming\fretsonfire
2010-05-17 09:27 . 2010-05-17 09:34	--------	d-----w-	c:\program files\Frets on Fire
2010-05-15 13:53 . 2007-05-17 15:30	318976	----a-w-	c:\windows\system32\avisynth.dll
2010-05-15 13:53 . 2004-02-22 08:11	719872	----a-w-	c:\windows\system32\devil.dll
2010-05-15 13:53 . 2004-01-24 22:00	70656	----a-w-	c:\windows\system32\yv12vfw.dll
2010-05-15 13:53 . 2004-01-24 22:00	70656	----a-w-	c:\windows\system32\i420vfw.dll
2010-05-15 13:53 . 2010-05-15 13:53	--------	d-----w-	c:\program files\AviSynth 2.5
2010-05-15 10:48 . 2010-05-15 10:52	--------	d-----w-	c:\program files\ASUS
2010-05-15 10:48 . 2010-05-15 10:48	--------	d-----w-	c:\program files\ATKGFNEX
2010-05-15 10:47 . 2010-05-15 10:47	--------	d-----w-	c:\users\***\AppData\Roaming\InstallShield
2010-05-15 10:47 . 2009-05-13 07:06	14392	----a-w-	c:\windows\system32\drivers\ATKACPI.sys
2010-05-13 12:22 . 2010-05-13 12:22	--------	d-----w-	c:\users\***\AppData\Local\Aspyr
2010-05-13 12:11 . 2008-03-05 14:03	479752	----a-w-	c:\windows\system32\XAudio2_0.dll
2010-05-13 12:11 . 2008-03-05 14:03	238088	----a-w-	c:\windows\system32\xactengine3_0.dll
2010-05-13 12:11 . 2008-03-05 14:00	25608	----a-w-	c:\windows\system32\X3DAudio1_3.dll
2010-05-13 12:11 . 2007-10-22 01:39	267272	----a-w-	c:\windows\system32\xactengine2_10.dll
2010-05-12 10:40 . 2010-06-07 13:20	--------	d-----w-	c:\users\***\AppData\Roaming\streamripper
2010-05-12 10:40 . 2010-05-12 10:40	--------	d-----w-	c:\program files\Streamripper
2010-05-12 10:05 . 2010-03-04 07:33	740864	----a-w-	c:\windows\system32\inetcomm.dll
2010-05-11 18:55 . 2010-05-11 19:29	--------	d-----w-	c:\program files\SHOUTcast

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 10:39 . 2010-05-01 09:20	--------	d-----w-	c:\users\***\AppData\Roaming\NetSpeedMonitor
2010-06-10 10:28 . 2009-07-14 08:47	658206	----a-w-	c:\windows\system32\perfh007.dat
2010-06-10 10:28 . 2009-07-14 08:47	132886	----a-w-	c:\windows\system32\perfc007.dat
2010-06-10 10:17 . 2010-04-26 14:09	--------	d-----w-	c:\users\***\AppData\Roaming\Skype
2010-06-10 08:21 . 2010-04-26 14:10	--------	d-----w-	c:\users\***\AppData\Roaming\skypePM
2010-06-10 07:53 . 2010-04-28 15:41	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-06-10 07:51 . 2010-04-26 14:08	--------	d-----w-	c:\users\***\AppData\Roaming\ICQ
2010-06-09 21:51 . 2010-04-27 14:38	--------	d-----w-	c:\program files\JDownloader
2010-06-09 18:14 . 2010-06-07 07:58	164880	---ha-w-	c:\users\***\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-06-09 15:39 . 2010-04-26 14:08	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-09 12:36 . 2010-04-27 14:37	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-06-09 12:25 . 2010-04-26 14:08	--------	d-----w-	c:\program files\ICQ7.1
2010-06-09 12:16 . 2010-05-04 13:41	--------	d-----w-	c:\programdata\Microsoft Help
2010-06-07 18:37 . 2010-06-07 18:37	45126	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{882C685B-3735-452E-9B77-D562A6A6AFE3}\_C0EDDA7A92A80D14F7FA33.exe
2010-06-07 18:37 . 2010-06-07 18:37	45126	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{882C685B-3735-452E-9B77-D562A6A6AFE3}\_6FEFF9B68218417F98F549.exe
2010-06-07 13:20 . 2010-04-26 17:48	--------	d-----w-	c:\users\***\AppData\Roaming\Winamp
2010-06-06 18:17 . 2010-06-06 18:17	--------	d-----w-	c:\programdata\Siemens
2010-06-06 15:29 . 2010-05-17 17:34	10240	----a-w-	c:\users\***\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2010-06-05 12:17 . 2010-04-26 13:20	87832	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-05 12:13 . 2010-04-26 18:39	--------	d-----w-	c:\program files\Common Files\Adobe
2010-06-05 12:06 . 2010-06-05 12:49	38784	----a-w-	c:\users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-05 12:06 . 2010-06-05 12:08	38784	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-03 20:45 . 2010-05-01 11:58	1222464	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-06-02 20:22 . 2010-04-30 08:35	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-06-02 20:22 . 2010-06-02 20:22	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-06-01 12:33 . 2010-05-07 18:45	--------	d-----w-	c:\users\***\AppData\Roaming\teamspeak2
2010-05-30 19:44 . 2010-05-01 16:43	--------	d-----w-	c:\program files\Steam
2010-05-30 16:56 . 2010-05-30 16:56	2157	----a-w-	c:\users\***\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-05-30 16:56 . 2010-05-30 16:56	1791	----a-w-	c:\users\***\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-05-30 16:56 . 2010-05-30 16:56	2095	----a-w-	c:\users\***\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
2010-05-30 16:56 . 2010-05-30 16:56	1779	----a-w-	c:\users\***\AppData\Roaming\.purple\certificates\x509\tls_peers\api.oscar.aol.com
2010-05-30 16:56 . 2010-05-30 16:56	1691	----a-w-	c:\users\***\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2010-05-28 21:31 . 2010-04-28 13:08	--------	d-----w-	c:\users\Homepage\AppData\Roaming\FileZilla
2010-05-27 20:53 . 2010-05-20 14:34	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-05-27 18:44 . 2010-05-29 18:32	85464	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\b4hi09sa.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-05-27 18:44 . 2010-05-29 18:32	38872	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\b4hi09sa.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-05-25 12:36 . 2010-04-27 14:38	--------	d-----w-	c:\users\***\AppData\Roaming\TeamViewer
2010-05-24 09:39 . 2010-04-26 14:12	--------	d-----w-	c:\program files\Winamp
2010-05-22 13:14 . 2010-05-06 19:43	--------	d-----w-	c:\program files\Fraps
2010-05-20 14:39 . 2010-05-20 14:11	--------	d-----w-	c:\program files\Common Files\TerraTec
2010-05-20 14:38 . 2010-05-20 14:38	--------	d-----w-	c:\program files\TerraTec
2010-05-20 14:36 . 2010-05-20 14:36	--------	d-----w-	c:\users\***\AppData\Roaming\TerraTec
2010-05-19 20:10 . 2010-04-26 18:08	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-05-19 20:10 . 2010-05-19 20:10	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-18 17:44 . 2010-04-28 12:16	--------	d-----w-	c:\users\Homepage\AppData\Roaming\ICQ
2010-05-17 15:22 . 2010-04-28 15:38	--------	d-----w-	c:\users\Homepage\AppData\Roaming\Skype
2010-05-17 14:06 . 2010-04-28 15:38	--------	d-----w-	c:\users\Homepage\AppData\Roaming\skypePM
2010-05-17 08:12 . 2010-04-26 18:07	1170240	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-12 10:09 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-26 13:22	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-10 08:44 . 2010-05-10 08:42	--------	d-----w-	c:\program files\T3Desk
2010-05-09 16:39 . 2010-05-09 16:39	--------	d-----w-	c:\users\***\AppData\Roaming\ResizeMyPhotos
2010-05-09 16:39 . 2010-05-09 16:39	102134	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{3017C288-2300-4FFE-9CD8-EC59ACABBD45}\_CAEC5B585468F19928E621.exe
2010-05-09 16:39 . 2010-05-09 16:39	102134	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{3017C288-2300-4FFE-9CD8-EC59ACABBD45}\_6FEFF9B68218417F98F549.exe
2010-05-09 16:39 . 2010-05-09 16:39	102134	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{3017C288-2300-4FFE-9CD8-EC59ACABBD45}\_4250603AF37143FB87FA97.exe
2010-05-09 16:39 . 2010-05-09 16:39	10134	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{3017C288-2300-4FFE-9CD8-EC59ACABBD45}\_B5CD5BE235F07D18F6DC2E.exe
2010-05-09 16:39 . 2010-05-09 16:39	--------	d-----w-	c:\program files\SHProd
2010-05-09 16:37 . 2010-05-09 16:37	--------	d-----w-	c:\program files\ResizeMyPhotosSetup
2010-05-09 14:18 . 2010-05-09 14:18	--------	d-----w-	c:\program files\WISSEN DIGITAL
2010-05-08 13:30 . 2010-04-26 14:27	--------	d-----w-	c:\users\***\AppData\Roaming\TrueCrypt
2010-05-08 12:20 . 2010-05-08 12:20	--------	d-----w-	c:\program files\FreeTime
2010-05-07 19:25 . 2010-05-07 19:25	--------	d-----w-	c:\users\***\AppData\Roaming\TS3Client
2010-05-07 18:45 . 2010-05-07 18:44	--------	d-----w-	c:\program files\Teamspeak2_RC2
2010-05-07 12:01 . 2010-04-26 14:27	--------	d-----w-	c:\programdata\TrueCrypt
2010-05-05 20:01 . 2010-05-04 13:44	--------	d-----w-	c:\program files\Microsoft Works
2010-05-05 14:59 . 2010-05-01 16:44	--------	d-----w-	c:\programdata\Apple Computer
2010-05-05 14:59 . 2010-05-01 16:44	--------	d-----w-	c:\program files\QuickTime Alternative
2010-05-05 14:47 . 2010-05-05 14:46	--------	d-----w-	c:\program files\iTunes
2010-05-05 14:46 . 2010-05-05 14:46	--------	d-----w-	c:\program files\iPod
2010-05-05 14:46 . 2010-05-01 16:45	--------	d-----w-	c:\program files\Common Files\Apple
2010-05-05 14:33 . 2010-04-26 14:09	--------	d-----r-	c:\program files\Skype
2010-05-04 17:47 . 2010-05-04 17:47	--------	d-----w-	c:\users\***\AppData\Roaming\FUEL
2010-05-04 17:47 . 2010-05-04 17:47	--------	d--h--r-	c:\users\***\AppData\Roaming\SecuROM
2010-05-04 13:43 . 2010-05-04 13:43	--------	d-----w-	c:\program files\Microsoft.NET
2010-05-03 17:08 . 2010-05-03 17:08	--------	d-----w-	c:\programdata\TechSmith
2010-05-03 17:08 . 2010-05-03 17:08	--------	d-----w-	c:\program files\Common Files\TechSmith Shared
2010-05-03 17:08 . 2010-05-03 17:08	--------	d-----w-	c:\program files\TechSmith
2010-05-03 12:53 . 2010-05-03 12:53	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-05-02 10:22 . 2010-05-01 16:49	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-05-02 10:14 . 2010-05-01 16:45	--------	d-----w-	c:\programdata\Apple
2010-05-01 16:49 . 2010-05-01 16:48	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-01 16:46 . 2010-05-01 16:46	--------	d-----w-	c:\program files\Apple Software Update
2010-05-01 16:46 . 2010-04-28 13:02	--------	d-----w-	c:\program files\Bonjour
2010-05-01 16:43 . 2010-05-01 16:43	--------	d-----w-	c:\program files\Common Files\Steam
2010-05-01 09:20 . 2010-05-01 09:20	--------	d-----w-	c:\program files\NetSpeedMonitor
2010-04-29 18:50 . 2010-04-29 18:50	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-04-28 15:42 . 2010-04-28 15:42	--------	d-----w-	c:\users\***\AppData\Roaming\Thunderbird
2010-04-28 15:03 . 2010-04-28 15:03	--------	d-----w-	c:\users\Homepage\AppData\Roaming\Winamp
2010-04-28 13:45 . 2010-04-28 13:45	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-28 13:15 . 2010-04-28 12:55	--------	d-----w-	c:\programdata\FLEXnet
2010-04-28 13:12 . 2010-04-28 13:08	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-04-28 13:03 . 2010-05-17 14:49	79872	----a-w-	c:\users\Homepage\AppData\Roaming\Mozilla\Firefox\Profiles\3gg1yng9.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-04-28 13:03 . 2010-05-17 14:49	33280	----a-w-	c:\users\Homepage\AppData\Roaming\Mozilla\Firefox\Profiles\3gg1yng9.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-04-28 12:55 . 2010-04-28 12:55	58528	----a-w-	c:\users\Homepage\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-28 12:36 . 2010-04-28 12:36	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2010-04-28 12:24 . 2010-04-28 12:24	--------	d-----w-	c:\program files\Alcohol Soft
2010-04-28 12:20 . 2010-04-28 12:20	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-04-28 12:08 . 2010-04-28 12:08	0	----a-w-	c:\windows\nsreg.dat
2010-04-27 19:20 . 2010-04-27 19:20	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-27 14:38 . 2010-04-27 14:38	--------	d-----w-	c:\program files\QS
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NetBalancer"="c:\program files\NetBalancer\SeriousBit.NetBalancer.Tray.exe" [2010-05-31 59904]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 394984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-10 13797920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17	952768	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42	36272	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57	406992	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42	33120	----a-w-	c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-18 11:03	136176	----atw-	c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06	142120	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16	1820040	----a-w-	c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37	517096	----a-w-	c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueCrypt]
2010-04-26 14:27	1415632	----a-w-	c:\program files\TrueCrypt\TrueCrypt.exe

R3 ABndis;ABndis Service;c:\windows\system32\DRIVERS\abndis.sys [2009-09-18 34312]
R3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2006-03-02 133504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TS111_USB;T-Sinus 111data Driver;c:\windows\system32\DRIVERS\TS111USB.sys [2003-09-09 645120]
R4 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-28 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2010-05-31 10752]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S3 ABndisMP;ABndisMP;c:\windows\system32\DRIVERS\abndis.sys [2009-09-18 34312]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [2010-05-14 28776]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-04-26 64032]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3876224472-4217357141-984306666-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-18 11:03]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3876224472-4217357141-984306666-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-18 11:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = bbs2isa:8080
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} -
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {FD58899A-2E12-44DA-AAA2-BEA35FF56B73} = 192.168.1.1
TCP: 8416E6E6962616C60294940245563747 = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\b4hi09sa.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\***\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85BB81F8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
 DeleteProcedure -> 0x8c208d30
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3876224472-4217357141-984306666-1000\Software\SecuROM\License information*]
"datasecu"=hex:e9,16,30,5d,15,63,b7,bd,1e,c7,45,07,ce,72,17,02,99,1b,cb,fd,15,
   c0,52,32,6b,5d,36,d2,b7,e4,4a,67,4c,d7,e2,81,4b,c6,74,91,ef,5b,c6,8a,65,4b,\
"rkeysecu"=hex:ef,89,76,70,72,0c,13,6d,40,93,e5,fc,c6,ac,d8,a9

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4456)
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-10  12:43:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-10 10:43

Vor Suchlauf: 10 Verzeichnis(se), 28.775.010.304 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 28.507.705.344 Bytes frei

- - End Of File - - FDEADD77A2F041AB9FB70A678F70A468

Alt 10.06.2010, 12:18   #10
cosinus
Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just skip it and run only OSAM.
__________________
Please always post logfiles in CODE tags

Alt 10.06.2010, 17:12   #11
Hannibal2803
GMER
GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-10 17:57:00
Windows 6.1.7600 
Running: ulq0p4m3.exe; Driver: C:\Users\***\AppData\Local\Temp\pwlyipog.sys


---- System - GMER 1.0.15 ----

SSDT            94E00423                                                                                                              ZwLoadDriver
SSDT            94E00428                                                                                                              ZwSetSystemInformation
SSDT            94E003E7                                                                                                              ZwTerminateProcess
SSDT            94E003E2                                                                                                              ZwWriteVirtualMemory

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              83428AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              83428104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              834283F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              83410634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              83410898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              834281DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              83428958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              834286F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              83428F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              834291A8

Code            8823CC4C                                                                                                              ZwTraceEvent
Code            8823CC4B                                                                                                              NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!NtTraceEvent                                                                                             83477E34 5 Bytes  JMP 8823CC50 
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                       83488599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                834ACF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 45C                                                                                   834B496C 4 Bytes  [23, 04, E0, 94] {AND EAX, [EAX]; XCHG ESP, EAX}
.text           ntkrnlpa.exe!RtlSidHashLookup + 768                                                                                   834B4C78 4 Bytes  [28, 04, E0, 94] {SUB [EAX], AL; XCHG ESP, EAX}
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                   834B4CC8 4 Bytes  [E7, 03, E0, 94] {OUT 0x3, EAX; LOOPNZ 0xffffffffffffff98}
.text           ntkrnlpa.exe!RtlSidHashLookup + 82C                                                                                   834B4D3C 4 Bytes  [E2, 03, E0, 94] {LOOP 0x5; LOOPNZ 0xffffffffffffff98}
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                                            836BA0E5 5 Bytes  JMP 8823CE30 
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                                               836BBB0D 5 Bytes  JMP 8823CD90 
PAGE            ntkrnlpa.exe!NtRequestPort + 2                                                                                        836CFD73 5 Bytes  JMP 8823CCF0 
?               System32\Drivers\spse.sys                                                                                             Das System kann den angegebenen Pfad nicht finden. !
PAGE            ataport.SYS!DllUnload + 1                                                                                             8B2F9AD7 4 Bytes  JMP 85BB41D9 
.text           USBPORT.SYS!DllUnload                                                                                                 90F41CA0 5 Bytes  JMP 86E0A1D8 
.text           avx84uho.SYS                                                                                                          9153B000 12 Bytes  [44, 38, 41, 83, EE, 36, 41, ...]
.text           avx84uho.SYS                                                                                                          9153B00D 9 Bytes  [17, 41, 83, 48, 3B, 41, 83, ...] {POP SS; INC ECX; OR DWORD [EAX+0x3b], 0x41; ADD DWORD [EAX], 0x0}
.text           avx84uho.SYS                                                                                                          9153B017 20 Bytes  [00, DE, 57, 1A, 8B, E6, 55, ...]
.text           avx84uho.SYS                                                                                                          9153B02C 149 Bytes  [00, 00, 00, 00, D0, 31, 48, ...]
.text           avx84uho.SYS                                                                                                          9153B0C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                   
.text           win32k.sys!XFORMOBJ_iGetXform + 331A                                                                                  99774C57 5 Bytes  JMP 8823C610 
.text           win32k.sys!EngAllocMem + 7E47                                                                                         99785142 5 Bytes  JMP 8823C750 
.text           win32k.sys!PATHOBJ_bEnum + 7A2F                                                                                       9979782E 5 Bytes  JMP 8823C6B0 
.text           win32k.sys!PATHOBJ_bEnum + 8714                                                                                       99798513 5 Bytes  JMP 8823C930 
.text           win32k.sys!EngCreateSemaphore + CBA0                                                                                  997B63B7 5 Bytes  JMP 8823C9D0 
.text           win32k.sys!EngCreateSemaphore + CEDC                                                                                  997B66F3 5 Bytes  JMP 8823C570 
.text           win32k.sys!EngCopyBits + 1F22                                                                                         997B89DC 5 Bytes  JMP 8823C4D0 
.text           win32k.sys!EngBitBlt + 23D2                                                                                           997C17BD 5 Bytes  JMP 8823C430 
.text           win32k.sys!EngLpkInstalled + 6119                                                                                     997D782A 5 Bytes  JMP 8823CA70 
.text           win32k.sys!PATHOBJ_vGetBounds + EB7                                                                                   99855CA1 5 Bytes  JMP 8823C890 
.text           win32k.sys!EngCTGetCurrentGamma + 1C7A                                                                                99859CBC 5 Bytes  JMP 8823C7F0 
.text           win32k.sys!CLIPOBJ_cEnumStart + 6D00                                                                                  998655E5 5 Bytes  JMP 8823CB10 
.text           win32k.sys!CLIPOBJ_cEnumStart + 7208                                                                                  99865AED 5 Bytes  JMP 8823CBB0 
.text           peauth.sys                                                                                                            95D5DC9D 28 Bytes  [0F, E5, DB, BF, 3E, 7E, 12, ...]
.text           peauth.sys                                                                                                            95D5DCC1 28 Bytes  [0F, E5, DB, BF, 3E, 7E, 12, ...]
PAGE            peauth.sys                                                                                                            95D63B9B 72 Bytes  [A7, D6, 27, 14, 74, DC, 49, ...]
PAGE            peauth.sys                                                                                                            95D63BEC 111 Bytes  [90, 02, 9C, C8, 66, 42, 81, ...]
PAGE            peauth.sys                                                                                                            95D63E20 101 Bytes  [E4, F5, 45, A9, 5F, 59, 36, ...]
PAGE            ...                                                                                                                   
?               C:\Users\***\AppData\Local\Temp\mbr.sys                                                                            The system cannot find the file specified. !
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                            The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                              [8B0A9042] \SystemRoot\System32\Drivers\spse.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                             [8B0A96D6] \SystemRoot\System32\Drivers\spse.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                      [8B0A9800] \SystemRoot\System32\Drivers\spse.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                       [8B0A913E] \SystemRoot\System32\Drivers\spse.sys
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortNotification]                                            000003E3
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortQuerySystemTime]                                         [8B24568B] \SystemRoot\system32\DRIVERS\pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortReadPortUchar]                                           50522046
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortStallExecution]                                          FFED23E8
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortWritePortUchar]                                          08C483FF
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortWritePortUlong]                                          0874FF85
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                      FF53006A
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                           08C483D7
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                    81107D8B
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortGetParentBusType]                                        0003E5FF
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortRequestCallback]                                         0F840F00
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                   81000001
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                    0003E3FF
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortCompleteRequest]                                         EC840F00
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortCopyMemory]                                              8B000000
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortEtwTraceLog]                                             0001F88E
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                               FC8E0B00
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                  0F000001
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                    0000DA84
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                    ECF2E800
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortInitialize]                                              8E8BFFFF
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortGetDeviceBase]                                           000001F8
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortDeviceStateChange]                                       01E08E01

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                                       [74632494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                                  [74615624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                                 [746156E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                                        [7463250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]                              [74628573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]                                [74624D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]                               [746250CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]                              [746251A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                     [746266D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]                               [746282CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]                          [74628819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                        [7462907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]                              [7462E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                                  [74624C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                85BBB1F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                  85BB61F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                      86E2E1F8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                      86E2F1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                85BB61F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                85BB61F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                          86DC31F8
Device          \Driver\cdrom \Device\CdRom1                                                                                          86DC31F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                           85BB81F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    85BB81F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    85BB81F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                           85BB81F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel0                                                                            85BB91F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel1                                                                            85BB91F8
Device          \Driver\sptd \Device\3114626432                                                                                       spse.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                               86DDF1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{FD58899A-2E12-44DA-AAA2-BEA35FF56B73}                                              86DDF1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{92A60B72-9D6F-40DB-879E-60E7B7B87AA4}                                              86DDF1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{E826EF37-1DFF-4DB8-A3F2-82A5E5A5AD20}                                              86DDF1F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                      86E2E1F8
Device          \Driver\usbehci \Device\USBFDO-1                                                                                      86E2F1F8
Device          \Driver\PCI_PNP8432 \Device\0000007a                                                                                  spse.sys
Device          \Driver\ACPI_HAL \Device\0000006e                                                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{BD940A36-9B79-47E1-A857-62B580696EF2}                                              86DDF1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{2110998F-C92B-43A4-918C-E692587D5F22}                                              86DDF1F8
Device          \Driver\avx84uho \Device\Scsi\avx84uho1Port2Path0Target0Lun0                                                          86D741F8
Device          \Driver\avx84uho \Device\Scsi\avx84uho1                                                                               86D741F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)                       
Reg             HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00158315a310@0060d10006ed                                  0xEF 0x40 0x6F 0x50 ...
Reg             HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x85 0x8D 0x38 0x9A ...
Reg             HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x7D 0x8F 0xB2 0x3D ...
Reg             HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x3E 0xDE 0xE9 0xE4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a310                                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a310@0060d10006ed                              0xEF 0x40 0x6F 0x50 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                    771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                    285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                    1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x85 0x8D 0x38 0x9A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x7D 0x8F 0xB2 0x3D ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x3E 0xDE 0xE9 0xE4 ...
Reg             HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)                       
Reg             HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00158315a310@0060d10006ed                                  0xEF 0x40 0x6F 0x50 ...
Reg             HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x85 0x8D 0x38 0x9A ...
Reg             HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x7D 0x8F 0xB2 0x3D ...
Reg             HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x3E 0xDE 0xE9 0xE4 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                 sector 63: rootkit-like behavior; 

---- EOF - GMER 1.0.15 ----
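A triage helper for the GMER log above, written for this edit as an added example (it is not part of the original post and not a GMER component). It parses the hook, IAT, device and disk lines, resolves which module each redirect points at, and rolls the result up per module, so that every kernel IAT slot now pointing at spse.sys, every device object spse.sys answers for, and the page that all the ntkrnlpa.exe/win32k.sys detours jump into appear together instead of spread over a few hundred lines. The sample lines inside the block are copied from the log (columns shortened, the Windows error text in English); the record names, the "unresolved" label for IAT slots GMER printed as a raw value, and the grouping of JMP targets by 4 KiB page are this example's own conventions.

```python
"""Triage helper for GMER 1.0.15 logs: an added example for this thread, not part of
the original post and not a GMER component. It reads the hook, IAT, device and disk
lines, resolves which module each redirect points at, and rolls the result up per
module, so the log reads as "which drivers own the detours" instead of line by line."""
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the log above (columns shortened, Windows error
# text in English), at least one of every line type the parser understands.
SAMPLE_LOG = r"""
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2    836BA0E5 5 Bytes  JMP 8823CE30
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort + 2       836BBB0D 5 Bytes  JMP 8823CD90
?               System32\Drivers\spse.sys                     The system cannot find the path specified. !
PAGE            ataport.SYS!DllUnload + 1                     8B2F9AD7 4 Bytes  JMP 85BB41D9
.text           avx84uho.SYS                                  9153B000 12 Bytes  [44, 38, 41, 83, EE, 36, 41, ...]
.text           win32k.sys!EngAllocMem + 7E47                 99785142 5 Bytes  JMP 8823C750
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]       [8B0A9042] \SystemRoot\System32\Drivers\spse.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]      [8B0A96D6] \SystemRoot\System32\Drivers\spse.sys
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortNotification]     000003E3
IAT             \SystemRoot\System32\Drivers\avx84uho.SYS[ataport.SYS!AtaPortQuerySystemTime]  [8B24568B] \SystemRoot\system32\DRIVERS\pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT             C:\Windows\Explorer.exe[4456] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]  [74632494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device          \Driver\atapi \Device\Ide\IdePort0            85BB81F8
Device          \Driver\sptd \Device\3114626432               spse.sys
Device          \Driver\PCI_PNP8432 \Device\0000007a          spse.sys
---- Disk sectors - GMER 1.0.15 ----
Disk            \Device\Harddisk0\DR0                         sector 63: rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
"""

HEX8 = r"[0-9A-Fa-f]{8}"
# "<section> <image!symbol [+ off]> <addr> <n> Bytes <JMP target | patched bytes>"
CODE_RE = re.compile(rf"^(?P<section>\.text|PAGE|INIT)\s+(?P<target>\S+(?: \+ [0-9A-Fa-f]+)?)\s+"
                     rf"(?P<addr>{HEX8}) (?P<size>\d+) Bytes\s+(?P<detail>.*)$")
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.*)$")  # a file GMER could not open
# kernel form "<driver>[<import>] <where>" and user form "<exe>[pid] @ <exe> [<import>] <where>":
# the non-greedy caller makes the last [...] the import in both; <where> is "[addr] module (desc)"
# or, when GMER could not map the slot to a module, the raw slot value
IAT_RE = re.compile(rf"^IAT\s+(?P<caller>.+?)\s*\[(?P<imp>[^\[\]]+)\]\s+(?P<rest>\[{HEX8}\] .*|\S+)$")
IAT_TARGET_RE = re.compile(rf"^\[(?P<addr>{HEX8})\]\s+(?P<module>\S+)(?:\s+\((?P<desc>.*)\))?$")
DEVICE_RE = re.compile(r"^(?P<kind>Device|AttachedDevice)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>.*)$")
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<msg>.*)$")

def parse_gmer(text):
    """Split a GMER log into typed records; section headers and unknown lines are skipped."""
    rec = {"code": [], "unreadable": [], "iat": [], "devices": [], "disk": []}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("----"):
            continue
        if m := CODE_RE.match(line):
            d = m.groupdict()
            d["kind"] = "jmp" if d["detail"].startswith("JMP ") else "bytes"
            rec["code"].append(d)
        elif m := MISSING_RE.match(line):
            rec["unreadable"].append(m.groupdict())
        elif m := IAT_RE.match(line):
            d = m.groupdict()
            t = IAT_TARGET_RE.match(d["rest"])
            # no "[addr] module" pair means GMER printed the raw slot value: nothing to attribute
            d["module"] = ntpath.basename(t["module"]) if t else None
            rec["iat"].append(d)
        elif m := DEVICE_RE.match(line):
            d = m.groupdict()
            # owner column is either a device-object address or the module that answers for it
            d["module"] = None if re.fullmatch(HEX8, d["owner"]) else d["owner"].split()[0]
            rec["devices"].append(d)
        elif m := DISK_RE.match(line):
            rec["disk"].append(m.groupdict())
    return rec

def page_of(addr_hex):
    """4 KiB page a 32-bit address falls in, written GMER-style ('8823Cxxx')."""
    page = int(addr_hex, 16) >> 12
    return f"{page:05X}xxx"

def summarize(rec):
    """Roll the records up by the module GMER names as the owner of each redirect."""
    by_mod = defaultdict(list)
    for d in rec["devices"]:
        if d["module"]:
            by_mod[d["module"]].append(d["device"])
    return {
        "patched_images": Counter(d["target"].split("!")[0] for d in rec["code"]),
        # heuristic: many detours landing in one page usually means one trampoline buffer, i.e. one hooker
        "jmp_pages": Counter(page_of(d["detail"].split()[1]) for d in rec["code"] if d["kind"] == "jmp"),
        "iat_by_module": Counter(d["module"] for d in rec["iat"] if d["module"]),
        "iat_unresolved": [(ntpath.basename(d["caller"]), d["imp"]) for d in rec["iat"] if not d["module"]],
        "devices_by_module": dict(by_mod),
        "disk_warnings": [(d["device"], d["msg"]) for d in rec["disk"]],
        "unreadable": [(d["path"], d["msg"]) for d in rec["unreadable"]],
    }

if __name__ == "__main__":
    for key, value in summarize(parse_gmer(SAMPLE_LOG)).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

Run as-is it prints the roll-up for the embedded sample; pass the full log text instead of SAMPLE_LOG to get the picture for the whole scan. Two things the grouping makes visible in this log: every JMP in ntkrnlpa.exe and win32k.sys lands in the same 8823Cxxx page, which points to one trampoline buffer rather than several independent hookers, and every redirected atapi.sys import as well as the device objects of \Driver\sptd and \Driver\PCI_PNP8432 resolve to spse.sys, which the Registry section ties to the sptd service and its Alcohol 52 configuration. The roll-up attributes, it does not judge: GMER reports hooks, hidden entries and the sector 63 warning regardless of whether their owner is a copy-protection driver, a sandbox, an antivirus or malware, so each owner still has to be checked against what is actually installed on the machine.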
         
--- --- ---


OSAM
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:11:00 on 10.06.2010

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3876224472-4217357141-984306666-1000Core.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3876224472-4217357141-984306666-1000UA.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\Windows\system32\AxSWindC.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime Alternative\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ab0hcnpb" (ab0hcnpb) - "Microsoft Corporation" - C:\Windows\system32\drivers\ab0hcnpb.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ABndis Service" (ABndis) - "ArcaBit" - C:\Windows\System32\DRIVERS\abndis.sys
"ABndisMP" (ABndisMP) - "ArcaBit" - C:\Windows\System32\DRIVERS\abndis.sys
"adfs" (adfs) - ? - C:\Windows\system32\drivers\adfs.sys  (File not found)
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"NetBalancer Service" (Nbdrv) - "SeriousBit" - C:\Windows\System32\DRIVERS\nbdrv.sys
"SbieDrv" (SbieDrv) - "tzuk" - C:\Program Files\Sandboxie\SbieDrv.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"T-Sinus 111data Driver" (TS111_USB) - "Deutsche Telekom AG" - C:\Windows\System32\DRIVERS\TS111USB.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\Windows\system32\Drivers\vmm.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D7824897-C8DC-49b4-B790-30F7ED16A5FD} "ArcaVir Shell Extension" - ? -   (File not found | COM-object registry key not found)
{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "CShellStitcher Object" - "Microsoft Corporation" - C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
{40525A66-DB98-480D-BCF9-7AF88C1AF438} "ArcaVir >>" - ? -   (File not found | COM-object registry key not found)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NetBalancer" - "SeriousBit" - C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
"SandboxieControl" - "tzuk" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HControlUser" - "ASUS" - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NetBalancer Windows Service" (NetBalancer Windows Service) - "Microsoft" - C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sandboxie Service" (SbieSvc) - "tzuk" - C:\Program Files\Sandboxie\SbieSvc.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
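An added example, not part of the thread and not code from the OSAM tool: a small Python triage helper that applies the checks a reviewer makes by eye on autostart lines in the format above: entries with no publisher, entries that claim Microsoft but live outside the Windows or Microsoft directories, and image names one character away from a genuine Windows binary (wuaucld.exe next to the real wuauclt.exe). The sample lines are constructed from the log; the service name `wuaucld` in the last one is a placeholder, since the thread only says the file was registered as a service posing as Windows Defender.

```python
import re
# One OSAM-style autostart line as in the log above. Names may contain quotes and paths may
# contain " - " ("Spybot - Search & Destroy"), so the publisher is matched as one unit.
LINE_RE = re.compile(r'^(?:\{[0-9A-Fa-f-]+\} )?"(?P<name>.*?)"(?: \((?P<svc>[^)]*)\))?'
                     r' - (?P<pub>\?|"[^"]*") - (?P<path>.+)$')
IMAGE_RE = re.compile(r'(?i)[a-z]:\\[^"]*?\.(?:exe|dll|sys)\b')  # first drive-letter path
# Real Windows binaries malware imitates with a one-letter change (wuauclt.exe is genuine).
KNOWN_NAMES = ["wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"]

def edit_distance(a, b):
    """Levenshtein distance (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(line):
    """Reasons to look closer at one autostart entry; [] means nothing odd was found."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    pub = m.group("pub").strip('"')
    img = IMAGE_RE.search(m.group("path"))
    image = img.group(0).lower() if img else ""
    exe = image.rsplit("\\", 1)[-1]
    reasons = []
    if pub == "?":
        reasons.append("unknown publisher" + (" in system32" if "\\system32\\" in image else ""))
    # Microsoft claim outside the Windows tree or a Microsoft dir (MICROS~1 = 8.3 short form).
    if "microsoft" in pub.lower() and not any(t in image for t in ("\\windows\\", "microsoft", "micros~")):
        reasons.append("claims Microsoft but lives outside Windows/Microsoft directories")
    reasons += [f"name is one edit away from {k}" for k in KNOWN_NAMES
                if exe != k and edit_distance(exe, k) == 1]
    return reasons

def triage_log(lines):
    """Name -> reasons for every flagged entry; clean entries are omitted."""
    parsed = ((LINE_RE.match(ln.strip()), triage(ln)) for ln in lines)
    return {m.group("name"): r for m, r in parsed if m and r}

# Constructed sample: three lines from the log above plus one made-up wuaucld entry as the thread describes it.
SAMPLE_LOG = r'''
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"NetBalancer Windows Service" (NetBalancer Windows Service) - "Microsoft" - C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
"Windows Defender" (wuaucld) - ? - C:\Windows\system32\wuaucld.exe
'''.strip().splitlines()
```

Run `triage_log(SAMPLE_LOG)` to see only the NetBalancer and the fake Windows Defender entries flagged; the heuristics are a first pass for reading such a log, not a verdict.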
         

Alt 10.06.2010, 19:07   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
That looks unremarkable too. Is the machine still acting up??
__________________
Please always post logfiles in CODE tags

Alt 10.06.2010, 19:10   #13
Hannibal2803
 
My notebook is fully fit again.

Quote from Avira:
Quote:
The file 'wuaucld.exe' has been classified as 'MALWARE'. Our analysts have given this threat the name TR/PSW.Agent.yvo. The designation "TR/" denotes a Trojan horse that is able to spy on your data, violate your privacy and make unwanted changes to the system. A detection pattern will be added with one of the next updates of the virus definition file (VDF).
EDIT: Thanks, you get great help here!

Alt 10.06.2010, 20:32   #14
porzell
 
hi, sorry that I'm posting here too..
I also stupidly got this trojan onto my laptop.
I can't delete the file wuaucld.exe.

how do I get rid of the trojan now?
avast unfortunately didn't detect it, so it can't move it to quarantine either.

thanks in advance for your help

Micha

Alt 10.06.2010, 20:38   #15
Hannibal2803
 
Task Manager -> Processes -> wuaucld.exe "End Process"

after that you should be able to delete it!

Otherwise Unlocker
