
Log Analysis and Evaluation: My Trojan.Generic 3580153

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.04.2010, 18:53   #1
Sashlyrics
 
My Trojan.Generic 3580153



Hello, I'm still quite a newbie when it comes to viruses, trojans etc., but for about a week Trojan.Generic 3580153 has been bothering me and my internet connection (according to Bitdefender), because my antivirus program had expired and I didn't react immediately.
According to Bitdefender it is located in system32; the exact path of the file:

C:\WINDOWS\system32\cfqrufu.dll
In addition, next to this cfqrufu.dll file there is a cfqrufu.bak file;
neither of them can be deleted, or even moved to quarantine, manually or with Bitdefender, AdAware or McAfee Stinger.
So I downloaded HijackThis; here is the log:

--------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:18, on 15.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\DOKUME~1\sascha\LOKALE~1\Temp\Lsr.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\Llozia.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = hxxp://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F754FF01-84BC-40F7-B262-A66BCD5D133C} - c:\windows\system32\cfqrufu.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [StartServiceFTFDHFHP] "C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP\StartService.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [CursorFX] "C:\Programme\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [StartServiceFTFDHFHP] "C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP\StartService.exe"
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOKUME~1\sascha\LOKALE~1\Temp\Lsr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Search - hxxp://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000343&p=ZKfox000&si=&a=ZN9rs7RLuz3WSG2i26Dvwg&n=2010040909
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Stylish Profile\ct.htm (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - hxxp://www.vexcast.com/download/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A86B0AF-47F0-44D5-BD21-C76CF655C07C}: NameServer = 195.3.96.67,195.3.96.68
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: 1226230772 (.1226230772) - Unknown owner - C:\Programme\1226230772\sash1226230772L.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. hxxp://www.bitdefender.com - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 12922 bytes

------------------

I hope someone can help me; I urgently need the PC for school and would very much like to avoid a reinstall because of all the data that would have to be moved.
That would be nice, thanks!
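The following is an added example, not code from this thread or from Trend Micro's HijackThis. It runs a handful of common triage heuristics over HJT-style log lines: a second program chained into the F2 UserInit value, an O2 BHO without a name, O4 Run entries that start from a Temp or profile data directory or carry a random-looking name, R0/R1 search settings pointing at a host that is not one of Microsoft's stock IE defaults, and O23 services with an unknown owner whose binary is missing. The sample lines are copied from the log posted above; the allowlist of Microsoft hosts and the rules themselves are assumptions of this example, and a hit means "look closer", not a verdict on any specific file.

```python
"""Heuristic triage of HijackThis (HJT) log lines (added example, not HJT code)."""
import re
from urllib.parse import urlparse

# Constructed sample: entries copied verbatim from the HJT log in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {F754FF01-84BC-40F7-B262-A66BCD5D133C} - c:\windows\system32\cfqrufu.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOKUME~1\sascha\LOKALE~1\Temp\Lsr.exe
O4 - HKLM\..\Run: [StartServiceFTFDHFHP] "C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP\StartService.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
O23 - Service: 1226230772 (.1226230772) - Unknown owner - C:\Programme\1226230772\sash1226230772L.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
"""

# Assumption: hosts Microsoft used for the stock IE7 search/default-page values.
KNOWN_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com", "www.msn.com"}
# IE registry values that hijackers rewrite; "Start Page" is a user choice and is skipped.
SEARCH_KEYS = {"SearchURL", "Default_Search_URL", "Search Bar", "Search Page",
               "SearchAssistant", "CustomizeSearch", "Default_Page_URL"}
TEMP_PATH = re.compile(r"\\temp\\", re.I)                                   # ...\Temp\...
APPDATA_PATH = re.compile(r"\\(anwendungsdaten|application data)\\", re.I)  # per-user app data
RANDOM_NAME = re.compile(r"^[A-Z0-9]{8,}$")                                 # e.g. YVIBBBHA8C
RUN_ENTRY = re.compile(r"(HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]*)\] (.*)")
IE_VALUE = re.compile(r"(HK\w+)\\.*?,(.+?) = (\S+)")


def _host(defanged_url):
    """Hostname of an HJT-style 'hxxp://' URL."""
    return urlparse(defanged_url.replace("hxxp", "http", 1)).hostname or ""


def check_entry(section, body):
    """Return a reason string if the entry deserves a closer look, else None."""
    if section == "F2" and "UserInit=" in body:
        chain = [p for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
        extra = [p for p in chain if not p.lower().endswith("\\userinit.exe")]
        if extra:
            return "extra program chained into UserInit: " + ", ".join(extra)
    if section == "O2" and body.startswith("BHO: (no name)"):
        return "BHO without a name"
    if section == "O4":
        m = RUN_ENTRY.match(body)
        if m:
            name, target = m.group(2), m.group(3)
            if TEMP_PATH.search(target):
                return "autostart from a Temp directory"
            if APPDATA_PATH.search(target):
                return "autostart from a profile data directory"
            if RANDOM_NAME.match(name):
                return "random-looking Run entry name " + name
    if section in ("R0", "R1"):
        m = IE_VALUE.match(body)
        if m and m.group(2) in SEARCH_KEYS and _host(m.group(3)) not in KNOWN_SEARCH_HOSTS:
            return "IE search setting %s points to %s" % (m.group(2), _host(m.group(3)))
    if section == "O23" and "Unknown owner" in body and "(file missing)" in body:
        return "service with unknown owner whose binary is missing"
    return None


def triage(log_text):
    """Parse 'Oxx - body' lines and collect the entries that trip a heuristic."""
    findings = []
    for line in log_text.splitlines():
        section, sep, body = line.strip().partition(" - ")
        if not sep or not re.fullmatch(r"[FORN]\d{1,2}", section):
            continue  # process list, headers, blank lines
        reason = check_entry(section, body)
        if reason:
            findings.append({"section": section, "reason": reason, "entry": line.strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f["section"], f["reason"], f["entry"]))
```

On the sample above the script flags six entries (the UserInit chain, the nameless BHO, the two Run entries under the user profile, the search13.net search page and the numeric service) and leaves the Google BHO, ehTray, the Facebook start page, the Microsoft search default and the BitDefender service alone. Feed it the full log with `triage(open("hijackthis.log").read())`; anything it prints is a starting point for the helper's analysis, not a removal list.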

15.04.2010, 21:32   #2
Sion
 
My Trojan.Generic 3580153



1. http://www.trojaner-board.de/51187-a...i-malware.html
Post the log.

2. http://www.trojaner-board.de/74908-a...t-scanner.html
Post the log.

3. Get OTL
Start OTL
Paste the following into the script field:

Quote:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Close all other programs.
Click Quick Scan.
Post both logs, OTL.txt and Extras.txt


17.04.2010, 14:21   #3
Sashlyrics
 
My Trojan.Generic 3580153



I've been scanning with GMER for almost 24 hours now - is that normal?

The logs will follow.

17.04.2010, 16:38   #4
Sion
 
My Trojan.Generic 3580153



Quote:
I've been scanning with GMER for almost 24 hours now - is that normal?
No. Abort it and post the other logs first.

17.04.2010, 20:47   #5
Sashlyrics
 
My Trojan.Generic 3580153



ok,
OTL
Code:
OTL Extras logfile created on: 17.04.2010 21:20:08 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Dokumente und Einstellungen\sascha\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3069 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 17,54 Gb Free Space | 7,53% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 46,21 Gb Free Space | 19,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 233,75 Gb Total Space | 19,83 Gb Free Space | 8,48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SASH
Current User Name: sascha
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\EA Sports\FIFA 09\FIFA09.exe" = C:\Programme\EA Sports\FIFA 09\FIFA09.exe:*:Enabled:FIFA09 -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\StreamTorrent 1.0\StreamTorrent.exe" = C:\Programme\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player -- (StreamTorrent)
"C:\Programme\EA Sports\FIFA 10\FIFA10.exe" = C:\Programme\EA Sports\FIFA 10\FIFA10.exe:*:Enabled:FIFA10 -- ()
"C:\Dokumente und Einstellungen\sascha\Desktop\u96\u96.exe" = C:\Dokumente und Einstellungen\sascha\Desktop\u96\u96.exe:*:Enabled:u96 -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Windows Messenger -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F358CE-610B-A033-0D36-4FADA6E8F67A}" = Skins
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{255F566C-3F57-15AD-2CA5-E7EA41F9904F}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4287A29F-EA4C-24E4-4AAE-3E6CDC9C965A}" = CCC Help English
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4816702A-0879-4499-0085-ACFC0F65E811}" = NHL 2004
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{4FEEDAA3-0D0C-7584-63F2-0F216D3426C9}" = ccc-core-preinstall
"{5073A543-C332-45DA-B1E8-01C84574F790}_is1" = Fussball Manager Editor 1.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{568161BB-4D77-4534-AB92-55040CD92798}" = Panda Internet Security 2010
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{80AE66E6-E9FA-0CAC-C9F1-4E5A144886F0}" = Catalyst Control Center Graphics Full New
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{853456BB-0205-11D6-AC30-0020E06CCE77}" = Desktop Dreamscapes
"{88F92798-59AB-474F-B40D-1EC5F782F7EE}" = Ulead VideoStudio 9.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACF317C-CA66-4363-AEBF-A073B124AA1A}" = BitDefender Total Security 2009
"{8D6EC7D6-E71D-8743-1396-591F4195F347}" = Catalyst Control Center Graphics Light
"{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}" = ccc-core-static
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis(TM) 2009
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8C8EF21-88F1-4845-A0BF-5B2D66B5DD33}_is1" = Texas Hold'em Poker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B38C3184-F573-CDC2-9452-FA9C576AB010}" = ccc-utility
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB6901C6-E8B7-F5F0-F0C6-9028AFCD5A74}" = Catalyst Control Center Graphics Previews Common
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E068CD0F-E631-17E7-9A01-05C2B2B54C84}" = Catalyst Control Center Core Implementation
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E601665F-7D55-4983-AA72-43551164FC03}" = ActiveDolls
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F58A58EB-3BD6-48A6-0096-1928C5A9DAE7}" = NHL® 2003
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver (Omega 3.8.442)
"auxilium 3.1 light_is1" = auxilium 3.1 light
"Creation Master 10_is1" = Creation Master 10 Beta 4
"CursorFX" = CursorFX
"DF CrcSfv_is1" = DF CrcSfv 1.3
"EA Download Manager" = EA Download Manager
"Easy GIF Animator_is1" = Easy GIF Animator 5.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FIFA 09 FAT Rebuilder" = FIFA 09 FAT Rebuilder
"FIFA RTWC 98" = FIFA RTWC 98
"FLV Player" = FLV Player 2.0 (build 25)
"Folder Access 2.1 Free Version" = Folder Access 2.1 Free Version
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Goodnight Timer_is1" = Goodnight Timer 1.1
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"IsoBuster_is1" = IsoBuster 2.5.5
"LastFM_is1" = Last.fm 1.5.4.24567
"LEGO Racers" = LEGO Racers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"MetallicShades" = Metallic Shades 2.0 Visual Style
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MultiRes (remove only)" = MultiRes (remove only)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"Quest3DVirtual Hottie 2" = Virtual Hottie 2
"Radeon Omega Drivers for Windows XP/2kv4.8.442" = Radeon Omega Drivers v4.8.442 Setup Files and Tools
"Skispringen 2007_0001" = Skispringen 2007
"SopCast" = SopCast 3.0.3
"StreamTorrent 1.0" = StreamTorrent 1.0
"SystemRequirementsLab" = System Requirements Lab
"TmNationsForever_is1" = TmNationsForever
"UCL Popups by CJD 17(Fifa-Evolution)" = UCL Popups by CJD 17(Fifa-Evolution)
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.16
"VexcastPlayer2.0" = VexcastPlayer2.0
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zatacka_is1" = Zatacka 0.1.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"gso-ORF_MAIN" = Das Rennen - GSO
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010
"Sky Patch 10" = Sky Patch 10
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.04.2010 10:10:57 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 10:20:11 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 11:43:24 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 12:06:30 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 13:35:59 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 13:45:00 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 14:45:11 | Computer Name = SASH | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung startservice.exe, Version 6.35.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x011517ee.
 
Error - 17.04.2010 14:45:11 | Computer Name = SASH | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung startservice.exe, Version 6.35.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x011517ee.
 
Error - 17.04.2010 14:51:01 | Computer Name = SASH | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung startservice.exe, Version 6.35.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x011517ee.
 
Error - 17.04.2010 14:51:01 | Computer Name = SASH | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung startservice.exe, Version 6.35.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x011517ee.
 
[ OSession Events ]
Error - 15.07.2009 13:24:38 | Computer Name = SASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.04.2010 18:48:51 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 08.04.2010 18:48:58 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 08.04.2010 18:49:07 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 08.04.2010 18:49:31 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 08.04.2010 18:49:33 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 08.04.2010 18:53:23 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 10.04.2010 23:45:38 | Computer Name = SASH | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RENE",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9A86B0AF-47F0-44D5-BD21-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 11.04.2010 03:03:08 | Computer Name = SASH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "1226230772" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 11.04.2010 03:03:08 | Computer Name = SASH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDRSDRV" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 11.04.2010 10:00:00 | Computer Name = SASH | Source = Schedule | ID = 7901
Description = Der Befehl "At41.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
 werden:   %%2147942402
 
 
< End of report >
         
Mbam log:

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3993

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

15.04.2010 23:52:55
mbam-log-2010-04-15 (23-52-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 115702
Laufzeit: 18 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 21
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 7
Infizierte Verzeichnisse: 1
Infizierte Dateien: 18

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsr.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\Llozia.exe (Trojan.FraudPack.Gen) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f754ff01-84bc-40f7-b262-a66bcd5d133c} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f754ff01-84bc-40f7-b262-a66bcd5d133c} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Infizierte Dateien:
c:\WINDOWS\system32\cfqrufu.dll (Trojan.BHO.H) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsr.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\Llozia.exe (Trojan.FraudPack.Gen) -> No action taken.
C:\Programme\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsp.exe (Trojan.Fraudpack) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsq.exe (Trojan.FraudPack.Gen) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\40.tmp (Rootkit.TDSS) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\32.tmp (Rootkit.TDSS) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\39.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\34.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\3A.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\42.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\svye.tmp\svchost.exe (Trojan.Zbot) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
         


Alt 17.04.2010, 20:54   #6
Sion
 

Did you let Malwarebytes remove what it found? If not, do that now.
The OTL.txt is also missing (OTL creates two logs).

Alt 17.04.2010, 21:54   #7
Sashlyrics
 

Sorry, I forgot to post it:

Code:
OTL logfile created on: 17.04.2010 21:20:08 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Dokumente und Einstellungen\sascha\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3069 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 17,54 Gb Free Space | 7,53% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 46,21 Gb Free Space | 19,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 233,75 Gb Total Space | 19,83 Gb Free Space | 8,48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SASH
Current User Name: sascha
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.04.15 23:24:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sascha\Desktop\OTL.exe
PRC - [2010.04.14 14:53:54 | 000,154,624 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsr.exe
PRC - [2010.04.14 14:53:52 | 000,160,256 | ---- | M] () -- C:\WINDOWS\Llozia.exe
PRC - [2010.04.12 23:55:58 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2010.04.12 23:55:51 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2010.04.12 23:55:23 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2010.03.18 09:12:20 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009.12.22 19:43:45 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.01.14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2006.07.03 16:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
PRC - [2005.01.31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.04.15 23:24:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sascha\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (SpyHunter 4 Service)
SRV - File not found [Auto | Stopped] --  -- (LckFldService)
SRV - File not found [Auto | Stopped] --  -- (.1226230772)
SRV - [2010.04.14 19:14:01 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.04.12 23:55:58 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2010.04.12 23:55:51 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Programme\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2010.04.12 23:54:26 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010.01.25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.09.24 04:59:24 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.01.14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.07.17 13:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. hxxp://www.bitdefender.com) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006.07.03 16:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Running] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.01.31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004.08.10 21:00:00 | 000,112,128 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\cfqrufu.dll -- (jxhbwamg)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search13.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search13.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search13.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C CA 50 16 3B 77 FC 43 84 B7 1E D2 96 0B EC EE  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://search13.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search13.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search13.net/search.php?clid=486&q="
FF - prefs.js..browser.search.selectedEngine: "Google (Language: DE)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.3
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA81}:1.0.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {D249FD00-4DF9-11D9-9FDC-0080481ADA61}:1.2.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.22
FF - prefs.js..extensions.enabledItems: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}:1.0
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..network.proxy.ftp: "216.114.194.18"
FF - prefs.js..network.proxy.ftp_port: 7212
FF - prefs.js..network.proxy.http: "216.114.194.18"
FF - prefs.js..network.proxy.http_port: 7212
FF - prefs.js..network.proxy.ssl: "216.114.194.18"
FF - prefs.js..network.proxy.ssl_port: 7212
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Programme\BitDefender\BitDefender 2009\FFToolbar\ [2010.04.13 00:28:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.12 18:46:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.02.12 15:52:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Programme\BitDefender\BitDefender 2009\tbextension\ [2010.04.12 18:46:00 | 000,000,000 | ---D | M]
 
[2008.11.09 20:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Extensions
[2010.04.17 20:55:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions
[2010.01.23 13:30:21 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.02.11 17:59:29 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009.11.22 20:54:01 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.01.23 13:30:20 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010.01.23 13:30:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2010.01.23 13:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA81}
[2010.03.20 21:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2009.10.06 17:14:30 | 000,000,000 | ---D | M] (FBFan) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2010.02.09 10:57:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.03.21 09:28:32 | 000,000,000 | ---D | M] (U Flv) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
[2009.07.25 20:48:31 | 000,000,000 | ---D | M] (IE Tab) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009.08.20 16:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{bf591015-b599-4125-9428-3cb746ddca31}
[2009.11.22 20:54:01 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.12.27 21:28:06 | 000,000,000 | ---D | M] (MetaProducts Integration) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}
[2010.02.09 05:10:48 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.01.23 22:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\firefox@facebook.com
[2009.03.28 14:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\moveplayer@movenetworks.com
[2010.03.20 21:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\staged-xpis
[2010.01.30 21:28:27 | 000,001,805 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\google-language-de.xml
[2009.09.11 04:11:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin-2.xml
[2009.10.29 19:09:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin-3.xml
[2009.12.17 17:39:48 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin-4.xml
[2010.01.07 02:08:42 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin-5.xml
[2010.01.07 18:55:19 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin-6.xml
[2009.07.27 09:54:18 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin.xml
[2010.04.12 19:16:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.12 23:55:37 | 000,065,536 | ---- | M] () -- C:\Programme\Mozilla Firefox\components\FFComm.dll
[2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.15 18:36:11 | 000,000,164 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: () - {F754FF01-84BC-40F7-B262-A66BCD5D133C} - C:\WINDOWS\system32\cfqrufu.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe File not found
O4 - HKLM..\Run: [AtiPTA]  File not found
O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Programme\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [ccApp]  File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask    .exe (Apple Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe File not found
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
O4 - HKLM..\Run: [StartServiceFTFDHFHP] C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP\StartService.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe File not found
O4 - HKCU..\Run: [CursorFX] C:\Programme\Stardock\CursorFX\CursorFX.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [QZAIB7KITK] C:\WINDOWS\Llozia.exe ()
O4 - HKCU..\Run: [StartServiceFTFDHFHP] C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP\StartService.exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsr.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\sascha\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Stylish Profile\ct.htm File not found
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Stylish Profile\ct.htm File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.09 13:33:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.06.25 13:40:39 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{57d47600-3fac-11de-a937-00195b76e5f1}\Shell\AutoRun\command - "" = F:\.\dth_player.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004.08.04 00:58:20 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: jxhbwamg - C:\WINDOWS\system32\cfqrufu.dll ()
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.11.09 14:01:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010.04.15 23:33:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Malwarebytes
[2010.04.15 23:32:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.15 23:32:12 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.15 23:32:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.15 23:32:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.15 23:24:41 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sascha\Desktop\OTL.exe
[2010.04.15 19:30:02 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.15 19:20:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.14 19:15:02 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.04.14 19:14:57 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.04.14 19:10:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.14 19:10:07 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.04.14 19:10:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2010.04.14 15:19:29 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.04.14 15:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010.04.14 15:16:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2010.04.14 15:13:57 | 000,487,320 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\sascha\Desktop\SpyHunter-Installer.exe
[2010.04.14 14:53:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP
[2010.04.13 18:37:26 | 007,975,431 | ---- | C] (McAfee Inc.) -- C:\Dokumente und Einstellungen\sascha\Desktop\stinger1010838.exe
[2010.04.12 23:56:55 | 000,228,672 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys.bak
[2010.04.12 23:56:55 | 000,108,864 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys.bak
[2010.04.12 23:56:55 | 000,102,208 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.bak
[2010.04.12 23:56:54 | 000,082,568 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\BDVEDISK.sys.bak
[2010.04.12 20:59:31 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010.04.12 18:46:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\BitDefender
[2010.04.11 23:15:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2010.04.11 23:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.04.11 20:08:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Eigene Dateien\NHL 2004
[2010.04.11 20:07:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\nhl2004-nocd-1_0-ENG
[2010.04.11 19:36:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\Symantec
[2010.04.11 18:47:42 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Pro
[2010.04.11 18:47:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\DAEMON Tools Pro
[2010.04.11 18:47:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010.04.11 15:55:12 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2010.04.11 15:55:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.04.11 15:23:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\nhl2004key
[2010.04.11 10:49:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Eigene Dateien\NHL 2003
[2010.04.11 10:49:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\NO-CD_Crack_NHL_2003_Deutsch_by_Flash
[2010.04.11 09:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.04.11 09:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.04.10 22:54:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\NH03
[2010.04.10 20:49:34 | 000,000,000 | ---D | C] -- C:\Programme\Intelore
[2010.04.09 15:06:01 | 000,759,288 | ---- | C] (MyWebSearch.com) -- C:\Programme\Uninstall Fun Web Products.dll
[2010.04.09 14:48:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\Vice City stuff
[2010.04.09 00:54:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\NHL
[2010.04.08 23:27:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Eigene Dateien\Ulead VideoStudio
[2010.04.08 23:26:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Ulead Systems
[2010.04.08 20:49:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SONY Digital Images
[2010.04.08 20:48:45 | 000,000,000 | ---D | C] -- C:\SmartSound Software
[2010.04.08 20:47:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Quicktime
[2010.04.08 20:47:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2010.04.08 20:47:21 | 000,000,000 | ---D | C] -- C:\Programme\SmartSound Software
[2010.04.08 20:46:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010.04.08 20:46:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010.04.08 20:45:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuickTime
[2010.04.08 20:44:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media-Komponenten
[2010.04.08 20:42:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Ulead Systems
[2010.04.08 20:42:06 | 000,000,000 | ---D | C] -- C:\Programme\Ulead Systems
[2010.04.08 20:42:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2010.04.07 17:41:30 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys
[2010.01.06 07:07:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.01.06 07:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.12.24 14:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\nagasoft
[2008.11.27 18:27:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Rapidbar
[2008.11.13 18:27:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2008.11.10 22:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.11.09 13:49:33 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[35 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 14 Days ==========
 
[2010.12.15 21:04:36 | 000,022,150 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Eigene Dateien\_Organik
[2010.04.17 21:17:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.17 21:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010.04.17 20:55:21 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{9A86B0AF-47F0-44D5-BD21-C76CF655C07C}
[2010.04.17 20:54:05 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.17 20:51:01 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.17 20:50:24 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.04.17 20:50:16 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.17 20:50:11 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.17 20:50:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.17 20:49:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.17 20:44:54 | 000,000,544 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for sascha.job
[2010.04.17 07:47:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.04.17 07:03:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010.04.17 06:47:36 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.04.17 06:03:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010.04.17 05:47:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.04.17 05:03:54 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010.04.17 04:47:17 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.04.17 04:03:56 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010.04.17 03:47:53 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.04.17 03:27:26 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010.04.17 03:21:43 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.04.17 03:10:28 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010.04.17 03:04:17 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.04.17 02:43:27 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010.04.17 02:36:26 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.04.17 02:30:42 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010.04.17 00:05:07 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.04.16 23:56:27 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010.04.16 23:42:23 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.04.16 23:26:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010.04.16 23:13:07 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.04.16 20:50:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.04.16 20:06:21 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010.04.16 19:53:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.04.16 19:19:57 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010.04.16 19:02:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.04.16 18:27:56 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010.04.16 18:07:48 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.04.16 17:39:15 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010.04.16 17:02:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.04.16 16:02:42 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010.04.16 15:46:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.04.16 14:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.04.16 00:17:01 | 009,437,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\sascha\NTUSER.DAT
[2010.04.16 00:00:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.16 00:00:34 | 000,051,200 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.15 23:32:17 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.15 23:25:15 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Desktop\ztfmh2mu.exe
[2010.04.15 23:24:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sascha\Desktop\OTL.exe
[2010.04.15 19:30:03 | 000,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Desktop\HijackThis.lnk
[2010.04.15 18:36:11 | 000,000,164 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.15 09:00:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010.04.15 08:44:01 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\sascha\ntuser.ini
[2010.04.14 19:15:57 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010.04.14 19:14:55 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.04.14 19:14:49 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.14 19:10:21 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.04.14 15:13:57 | 000,487,320 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\sascha\Desktop\SpyHunter-Installer.exe
[2010.04.14 15:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010.04.14 14:53:52 | 000,160,256 | ---- | M] () -- C:\WINDOWS\Llozia.exe
[2010.04.14 14:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010.04.14 13:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.04.14 13:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010.04.14 12:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.04.14 12:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010.04.14 11:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.04.14 11:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010.04.14 10:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.04.14 10:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010.04.14 09:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.04.14 08:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.04.13 18:27:04 | 007,975,431 | ---- | M] (McAfee Inc.) -- C:\Dokumente und Einstellungen\sascha\Desktop\stinger1010838.exe
[2010.04.13 18:17:41 | 002,128,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.12 23:55:54 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010.04.12 23:55:54 | 000,192,512 | ---- | M] () -- C:\WINDOWS\System32\txmlutil.dll
[2010.04.12 23:55:53 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2010.04.12 23:55:53 | 000,104,456 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010.04.12 23:55:53 | 000,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\BDVEDISK.sys
[2010.04.12 23:26:28 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vx1266MA.dat
[2010.04.12 18:46:22 | 000,001,833 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BitDefender Total Security 2009.lnk
[2010.04.12 00:21:14 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.11 22:33:37 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010.04.11 19:12:13 | 000,001,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NHL 2004.lnk
[2010.04.11 19:05:34 | 000,000,654 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010.04.11 18:47:48 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.11 15:54:50 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010.04.11 09:38:20 | 000,001,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NHL® 2003.lnk
[2010.04.11 09:02:51 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.09 15:02:46 | 000,759,288 | ---- | M] (MyWebSearch.com) -- C:\Programme\Uninstall Fun Web Products.dll
[2010.04.08 22:23:15 | 000,085,240 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.08 21:22:58 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Desktop\DVDVideoSoft Free Studio.lnk
[2010.04.08 20:44:30 | 000,001,794 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ulead VideoStudio 9.lnk
[2010.04.08 17:27:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.05 23:05:17 | 000,044,297 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Desktop\Elektrochemie_Rechenuebung1.pdf
[2010.04.05 20:04:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[35 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.15 21:04:36 | 000,022,150 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Eigene Dateien\_Organik
[2010.04.15 23:32:17 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.15 23:25:14 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Desktop\ztfmh2mu.exe
[2010.04.15 19:30:03 | 000,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Desktop\HijackThis.lnk
[2010.04.14 22:55:37 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.14 19:15:55 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.14 19:10:21 | 000,000,847 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.04.14 14:53:57 | 000,160,256 | ---- | C] () -- C:\WINDOWS\Llozia.exe
[2010.04.14 14:53:56 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.14 14:53:53 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.12 23:26:34 | 000,071,170 | ---- | C] () -- C:\WINDOWS\Fonts\aAYrks.com_
[2010.04.12 18:46:22 | 000,001,833 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BitDefender Total Security 2009.lnk
[2010.04.12 05:57:13 | 000,003,822 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\F754FF01-84BC-40F7-B262-A66BCD5D133C.txt
[2010.04.11 19:12:13 | 000,001,639 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NHL 2004.lnk
[2010.04.11 15:55:53 | 000,003,822 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\F754FF01-84BC-40F7-B262-A66BCD5D133C.txt
[2010.04.11 15:54:51 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vx1266MA.dat
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010.04.11 15:49:15 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010.04.11 10:26:02 | 000,005,076 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\F754FF01-84BC-40F7-B262-A66BCD5D133C.txt
[2010.04.11 09:38:19 | 000,001,639 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NHL® 2003.lnk
[2010.04.11 09:33:31 | 000,000,654 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010.04.08 20:44:29 | 000,001,794 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ulead VideoStudio 9.lnk
[2010.04.05 23:05:16 | 000,044,297 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Desktop\Elektrochemie_Rechenuebung1.pdf
[2010.03.26 16:15:18 | 000,708,624 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.03.19 22:17:58 | 000,002,300 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\.recently-used.xbel
[2010.01.27 00:08:10 | 000,008,627 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\PAV_FOG.OPC
[2010.01.24 15:43:02 | 000,000,376 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdatenprivacy.xml
[2009.11.24 05:20:33 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\PUTTY.RND
[2009.11.01 01:39:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\Mlkf.dll
[2009.10.28 15:10:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.08.20 13:32:10 | 000,000,259 | ---- | C] () -- C:\WINDOWS\WET.INI
[2009.08.07 01:49:50 | 000,000,059 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\GoodnightTimer.ini
[2009.07.14 10:55:04 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.06.14 22:53:33 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.06.14 22:53:32 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.05.29 23:29:38 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SK STURM-PowerWorld.ini
[2009.01.27 23:04:14 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2008.12.15 00:04:44 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.11.30 19:27:51 | 000,000,110 | ---- | C] () -- C:\WINDOWS\csmash.ini
[2008.11.17 01:12:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.14 02:14:05 | 000,051,200 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.11 01:08:31 | 000,021,691 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\CCCInstall_200811110008314531.log
[2008.11.09 15:37:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008.11.09 15:03:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.11.09 15:03:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.11.09 15:03:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.11.09 15:03:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.11.09 15:03:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.11.09 15:03:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.11.09 15:02:51 | 000,000,180 | R--- | C] () -- C:\WINDOWS\Option.ini
[2008.11.09 14:58:46 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2008.11.09 14:57:11 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008.11.09 14:04:01 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.11.09 14:03:13 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\sascha\ntuser.ini
[2008.11.09 14:03:12 | 000,016,384 | -H-- | C] () -- C:\Dokumente und Einstellungen\sascha\ntuser.dat.LOG
[2008.11.09 14:03:11 | 009,437,184 | -H-- | C] () -- C:\Dokumente und Einstellungen\sascha\NTUSER.DAT
[2008.11.09 13:36:04 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.10.07 11:04:32 | 000,121,562 | ---- | C] () -- C:\WINDOWS\System32\PicFormat32.dll
[2008.04.23 18:34:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2005.08.05 15:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.08.10 21:00:00 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\zcmpqciq.dll
[2004.08.10 21:00:00 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\icdqctv.dll
[2004.08.10 21:00:00 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\cfqrufu.dll.bak
[2004.08.10 21:00:00 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\cfqrufu.dll
[2001.03.30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll
 
========== LOP Check ==========
 
[2008.12.08 21:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Backup
[2010.01.24 15:58:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
[2010.04.11 18:47:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010.01.24 04:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2008.11.09 22:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.09.09 19:39:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2009.03.22 19:49:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2010.04.08 20:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2008.11.20 21:48:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2009.11.18 18:59:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2010.04.08 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2009.03.19 18:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.04.14 19:10:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009.09.21 01:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.08 09:13:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.01.26 23:14:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DE032019-B933-4DF4-9174-48C52613DA13}
[2009.04.09 09:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\2K Sports
[2010.04.12 18:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\BitDefender
[2009.08.09 12:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Command & Conquer 3 Kanes Rache
[2009.08.02 14:43:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2010.03.29 20:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Command and Conquer 4
[2010.04.11 19:33:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\DAEMON Tools Pro
[2010.03.13 22:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Facebook
[2009.06.14 23:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Games
[2010.03.19 21:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\gtk-2.0
[2010.01.29 19:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\ICQ
[2008.12.14 01:54:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\InterVideo
[2008.11.16 23:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Leadertech
[2008.12.03 11:45:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Red Alert 3
[2008.11.30 22:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Red Alert 3 Demo
[2009.10.27 04:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\StreamTorrent
[2008.11.20 21:58:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Teleca
[2009.07.27 12:54:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\temp
[2009.11.15 21:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Tific
[2010.04.08 23:26:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Ulead Systems
[2010.04.17 20:54:05 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010.04.17 02:36:26 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010.04.14 09:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010.04.14 10:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010.04.14 11:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010.04.14 12:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010.04.14 13:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010.04.16 14:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010.04.16 15:46:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010.04.16 17:02:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010.04.16 18:07:48 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010.04.16 19:02:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010.04.17 03:04:17 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010.04.16 19:53:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010.04.16 20:50:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010.04.16 23:13:07 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010.04.16 23:42:23 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010.04.17 00:05:07 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010.04.17 02:30:42 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010.04.17 02:43:27 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010.04.17 03:10:28 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010.04.17 03:27:26 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010.04.17 04:03:56 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010.04.17 03:21:43 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010.04.17 05:03:54 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010.04.17 06:03:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010.04.17 07:03:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010.04.15 09:00:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010.04.14 10:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010.04.14 11:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010.04.14 12:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010.04.14 13:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010.04.14 14:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010.04.17 03:47:53 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010.04.14 15:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010.04.16 16:02:42 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010.04.16 17:39:15 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010.04.16 18:27:56 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010.04.16 19:19:57 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010.04.16 20:06:21 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010.04.17 21:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010.04.16 23:26:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010.04.16 23:56:27 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010.04.17 04:47:17 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010.04.17 05:47:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010.04.17 06:47:36 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010.04.17 07:47:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010.04.14 08:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010.04.17 20:51:01 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.17 20:50:16 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.10 21:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2008.03.08 03:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-10_xp32_dd_ccc_wdm_enu_69561\SBDrv\RAID7xx\x86\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 21:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.10 21:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008.07.17 13:06:54 | 000,001,536 | ---- | M] () MD5=CAA9BBBE220DDB97B81FAC66321B513B -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
 
< MD5 for: NVRAID.SYS  >
[2005.08.18 17:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\WINDOWS\system32\drivers\nvraid.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 21:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: VIAMRAID.SYS  >
[2005.04.08 11:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.10 21:00:00 | 000,136,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\zcmpqciq.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.04.12 23:55:53 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfm.sys
[2010.04.12 23:55:53 | 000,104,456 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfndisf.sys
[2010.04.12 23:55:54 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys
[2010.04.11 18:47:48 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav  >
[2008.11.09 14:06:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.11.09 14:06:08 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.11.09 14:06:08 | 000,462,848 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
         
Have now caught up on that with Malwarebytes.

Alt 17.04.2010, 22:10   #8
Sion
 
My Trojan.Generic 3580153



1. Get TDSSKiller from Kaspersky
Extract the zip file to the desktop (tdsskiller.exe should sit directly on the desktop, not inside a folder).
Start tdsskiller.exe
When the scan is finished, press any key to continue.
The log can be found at c:\TDSSKiller....._log.txt.
Post this log.

Alt 17.04.2010, 22:40   #9
Sashlyrics
 
My Trojan.Generic 3580153



Code:
23:18:15:306 4072	TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
23:18:15:306 4072	================================================================================
23:18:15:306 4072	SystemInfo:

23:18:15:306 4072	OS Version: 5.1.2600 ServicePack: 3.0
23:18:15:306 4072	Product type: Workstation
23:18:15:306 4072	ComputerName: SASH
23:18:15:337 4072	UserName: sascha
23:18:15:337 4072	Windows directory: C:\WINDOWS
23:18:15:337 4072	Processor architecture: Intel x86
23:18:15:337 4072	Number of processors: 2
23:18:15:337 4072	Page size: 0x1000
23:18:15:353 4072	Boot type: Normal boot
23:18:15:353 4072	================================================================================
23:18:15:353 4072	UnloadDriverW: NtUnloadDriver error 2
23:18:15:353 4072	ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
23:18:15:478 4072	wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
23:18:15:478 4072	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:18:15:478 4072	wfopen_ex: Trying to KLMD file open
23:18:15:478 4072	wfopen_ex: File opened ok (Flags 2)
23:18:15:478 4072	wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
23:18:15:478 4072	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:18:15:478 4072	wfopen_ex: Trying to KLMD file open
23:18:15:478 4072	wfopen_ex: File opened ok (Flags 2)
23:18:15:478 4072	Initialize success
23:18:15:478 4072	
23:18:15:493 4072	Scanning	Services ...
23:18:16:009 4072	Raw services enum returned 383 services
23:18:16:040 4072	
23:18:16:040 4072	Scanning	Kernel memory ...
23:18:16:040 4072	Devices to scan: 6
23:18:16:040 4072	
23:18:16:040 4072	Driver Name: Disk
23:18:16:040 4072	IRP_MJ_CREATE                      : F74EDBB0
23:18:16:040 4072	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:18:16:040 4072	IRP_MJ_CLOSE                       : F74EDBB0
23:18:16:040 4072	IRP_MJ_READ                        : F74E7D1F
23:18:16:040 4072	IRP_MJ_WRITE                       : F74E7D1F
23:18:16:040 4072	IRP_MJ_QUERY_INFORMATION           : 804F4562
23:18:16:040 4072	IRP_MJ_SET_INFORMATION             : 804F4562
23:18:16:040 4072	IRP_MJ_QUERY_EA                    : 804F4562
23:18:16:040 4072	IRP_MJ_SET_EA                      : 804F4562
23:18:16:040 4072	IRP_MJ_FLUSH_BUFFERS               : F74E82E2
23:18:16:040 4072	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:18:16:040 4072	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:18:16:040 4072	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
23:18:16:040 4072	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
23:18:16:040 4072	IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:18:16:040 4072	IRP_MJ_INTERNAL_DEVICE_CONTROL     : F74EBF28
23:18:16:040 4072	IRP_MJ_SHUTDOWN                    : F74E82E2
23:18:16:040 4072	IRP_MJ_LOCK_CONTROL                : 804F4562
23:18:16:040 4072	IRP_MJ_CLEANUP                     : 804F4562
23:18:16:040 4072	IRP_MJ_CREATE_MAILSLOT             : 804F4562
23:18:16:040 4072	IRP_MJ_QUERY_SECURITY              : 804F4562
23:18:16:040 4072	IRP_MJ_SET_SECURITY                : 804F4562
23:18:16:040 4072	IRP_MJ_POWER                       : F74E9C82
23:18:16:040 4072	IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:18:16:040 4072	IRP_MJ_DEVICE_CHANGE               : 804F4562
23:18:16:040 4072	IRP_MJ_QUERY_QUOTA                 : 804F4562
23:18:16:040 4072	IRP_MJ_SET_QUOTA                   : 804F4562
23:18:16:056 4072	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:18:16:056 4072	
23:18:16:056 4072	Driver Name: USBSTOR
23:18:16:056 4072	IRP_MJ_CREATE                      : 89BA51F8
23:18:16:056 4072	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:18:16:056 4072	IRP_MJ_CLOSE                       : 89BA51F8
23:18:16:056 4072	IRP_MJ_READ                        : 89BA51F8
23:18:16:056 4072	IRP_MJ_WRITE                       : 89BA51F8
23:18:16:056 4072	IRP_MJ_QUERY_INFORMATION           : 804F4562
23:18:16:056 4072	IRP_MJ_SET_INFORMATION             : 804F4562
23:18:16:056 4072	IRP_MJ_QUERY_EA                    : 804F4562
23:18:16:056 4072	IRP_MJ_SET_EA                      : 804F4562
23:18:16:056 4072	IRP_MJ_FLUSH_BUFFERS               : 804F4562
23:18:16:056 4072	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:18:16:056 4072	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:18:16:056 4072	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
23:18:16:056 4072	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
23:18:16:056 4072	IRP_MJ_DEVICE_CONTROL              : 89BA51F8
23:18:16:056 4072	IRP_MJ_INTERNAL_DEVICE_CONTROL     : 89BA51F8
23:18:16:056 4072	IRP_MJ_SHUTDOWN                    : 804F4562
23:18:16:056 4072	IRP_MJ_LOCK_CONTROL                : 804F4562
23:18:16:056 4072	IRP_MJ_CLEANUP                     : 804F4562
23:18:16:056 4072	IRP_MJ_CREATE_MAILSLOT             : 804F4562
23:18:16:056 4072	IRP_MJ_QUERY_SECURITY              : 804F4562
23:18:16:056 4072	IRP_MJ_SET_SECURITY                : 804F4562
23:18:16:056 4072	IRP_MJ_POWER                       : 89BA51F8
23:18:16:056 4072	IRP_MJ_SYSTEM_CONTROL              : 89BA51F8
23:18:16:056 4072	IRP_MJ_DEVICE_CHANGE               : 804F4562
23:18:16:056 4072	IRP_MJ_QUERY_QUOTA                 : 804F4562
23:18:16:056 4072	IRP_MJ_SET_QUOTA                   : 804F4562
23:18:16:071 4072	C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
23:18:16:071 4072	
23:18:16:071 4072	Driver Name: Disk
23:18:16:071 4072	IRP_MJ_CREATE                      : F74EDBB0
23:18:16:071 4072	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:18:16:071 4072	IRP_MJ_CLOSE                       : F74EDBB0
23:18:16:071 4072	IRP_MJ_READ                        : F74E7D1F
23:18:16:071 4072	IRP_MJ_WRITE                       : F74E7D1F
23:18:16:071 4072	IRP_MJ_QUERY_INFORMATION           : 804F4562
23:18:16:071 4072	IRP_MJ_SET_INFORMATION             : 804F4562
23:18:16:071 4072	IRP_MJ_QUERY_EA                    : 804F4562
23:18:16:071 4072	IRP_MJ_SET_EA                      : 804F4562
23:18:16:071 4072	IRP_MJ_FLUSH_BUFFERS               : F74E82E2
23:18:16:071 4072	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:18:16:071 4072	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:18:16:071 4072	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
23:18:16:071 4072	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
23:18:16:071 4072	IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:18:16:071 4072	IRP_MJ_INTERNAL_DEVICE_CONTROL     : F74EBF28
23:18:16:071 4072	IRP_MJ_SHUTDOWN                    : F74E82E2
23:18:16:071 4072	IRP_MJ_LOCK_CONTROL                : 804F4562
23:18:16:071 4072	IRP_MJ_CLEANUP                     : 804F4562
23:18:16:071 4072	IRP_MJ_CREATE_MAILSLOT             : 804F4562
23:18:16:071 4072	IRP_MJ_QUERY_SECURITY              : 804F4562
23:18:16:071 4072	IRP_MJ_SET_SECURITY                : 804F4562
23:18:16:071 4072	IRP_MJ_POWER                       : F74E9C82
23:18:16:071 4072	IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:18:16:071 4072	IRP_MJ_DEVICE_CHANGE               : 804F4562
23:18:16:071 4072	IRP_MJ_QUERY_QUOTA                 : 804F4562
23:18:16:071 4072	IRP_MJ_SET_QUOTA                   : 804F4562
23:18:16:087 4072	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:18:16:087 4072	
23:18:16:087 4072	Driver Name: Disk
23:18:16:087 4072	IRP_MJ_CREATE                      : F74EDBB0
23:18:16:087 4072	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:18:16:087 4072	IRP_MJ_CLOSE                       : F74EDBB0
23:18:16:087 4072	IRP_MJ_READ                        : F74E7D1F
23:18:16:087 4072	IRP_MJ_WRITE                       : F74E7D1F
23:18:16:087 4072	IRP_MJ_QUERY_INFORMATION           : 804F4562
23:18:16:087 4072	IRP_MJ_SET_INFORMATION             : 804F4562
23:18:16:087 4072	IRP_MJ_QUERY_EA                    : 804F4562
23:18:16:087 4072	IRP_MJ_SET_EA                      : 804F4562
23:18:16:087 4072	IRP_MJ_FLUSH_BUFFERS               : F74E82E2
23:18:16:087 4072	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:18:16:087 4072	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:18:16:087 4072	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
23:18:16:087 4072	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
23:18:16:087 4072	IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:18:16:087 4072	IRP_MJ_INTERNAL_DEVICE_CONTROL     : F74EBF28
23:18:16:087 4072	IRP_MJ_SHUTDOWN                    : F74E82E2
23:18:16:087 4072	IRP_MJ_LOCK_CONTROL                : 804F4562
23:18:16:087 4072	IRP_MJ_CLEANUP                     : 804F4562
23:18:16:087 4072	IRP_MJ_CREATE_MAILSLOT             : 804F4562
23:18:16:087 4072	IRP_MJ_QUERY_SECURITY              : 804F4562
23:18:16:087 4072	IRP_MJ_SET_SECURITY                : 804F4562
23:18:16:087 4072	IRP_MJ_POWER                       : F74E9C82
23:18:16:087 4072	IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:18:16:087 4072	IRP_MJ_DEVICE_CHANGE               : 804F4562
23:18:16:087 4072	IRP_MJ_QUERY_QUOTA                 : 804F4562
23:18:16:087 4072	IRP_MJ_SET_QUOTA                   : 804F4562
23:18:16:087 4072	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:18:16:087 4072	
23:18:16:087 4072	Driver Name: atapi
23:18:16:087 4072	IRP_MJ_CREATE                      : F71E7B40
23:18:16:087 4072	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:18:16:087 4072	IRP_MJ_CLOSE                       : F71E7B40
23:18:16:087 4072	IRP_MJ_READ                        : 804F4562
23:18:16:087 4072	IRP_MJ_WRITE                       : 804F4562
23:18:16:087 4072	IRP_MJ_QUERY_INFORMATION           : 804F4562
23:18:16:087 4072	IRP_MJ_SET_INFORMATION             : 804F4562
23:18:16:087 4072	IRP_MJ_QUERY_EA                    : 804F4562
23:18:16:087 4072	IRP_MJ_SET_EA                      : 804F4562
23:18:16:087 4072	IRP_MJ_FLUSH_BUFFERS               : 804F4562
23:18:16:087 4072	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:18:16:087 4072	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:18:16:087 4072	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
23:18:16:087 4072	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
23:18:16:087 4072	IRP_MJ_DEVICE_CONTROL              : F71E7B40
23:18:16:087 4072	IRP_MJ_INTERNAL_DEVICE_CONTROL     : F71E7B40
23:18:16:087 4072	IRP_MJ_SHUTDOWN                    : 804F4562
23:18:16:087 4072	IRP_MJ_LOCK_CONTROL                : 804F4562
23:18:16:087 4072	IRP_MJ_CLEANUP                     : 804F4562
23:18:16:087 4072	IRP_MJ_CREATE_MAILSLOT             : 804F4562
23:18:16:087 4072	IRP_MJ_QUERY_SECURITY              : 804F4562
23:18:16:087 4072	IRP_MJ_SET_SECURITY                : 804F4562
23:18:16:087 4072	IRP_MJ_POWER                       : F71E7B40
23:18:16:087 4072	IRP_MJ_SYSTEM_CONTROL              : F71E7B40
23:18:16:087 4072	IRP_MJ_DEVICE_CHANGE               : 804F4562
23:18:16:087 4072	IRP_MJ_QUERY_QUOTA                 : 804F4562
23:18:16:087 4072	IRP_MJ_SET_QUOTA                   : 804F4562
23:18:16:103 4072	C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
23:18:16:103 4072	
23:18:16:103 4072	Driver Name: atapi
23:18:16:103 4072	IRP_MJ_CREATE                      : 8A49EAC8
23:18:16:103 4072	IRP_MJ_CREATE_NAMED_PIPE           : 8A49EAC8
23:18:16:103 4072	IRP_MJ_CLOSE                       : 8A49EAC8
23:18:16:103 4072	IRP_MJ_READ                        : 8A49EAC8
23:18:16:103 4072	IRP_MJ_WRITE                       : 8A49EAC8
23:18:16:103 4072	IRP_MJ_QUERY_INFORMATION           : 8A49EAC8
23:18:16:103 4072	IRP_MJ_SET_INFORMATION             : 8A49EAC8
23:18:16:103 4072	IRP_MJ_QUERY_EA                    : 8A49EAC8
23:18:16:103 4072	IRP_MJ_SET_EA                      : 8A49EAC8
23:18:16:103 4072	IRP_MJ_FLUSH_BUFFERS               : 8A49EAC8
23:18:16:103 4072	IRP_MJ_QUERY_VOLUME_INFORMATION    : 8A49EAC8
23:18:16:103 4072	IRP_MJ_SET_VOLUME_INFORMATION      : 8A49EAC8
23:18:16:103 4072	IRP_MJ_DIRECTORY_CONTROL           : 8A49EAC8
23:18:16:103 4072	IRP_MJ_FILE_SYSTEM_CONTROL         : 8A49EAC8
23:18:16:103 4072	IRP_MJ_DEVICE_CONTROL              : 8A49EAC8
23:18:16:103 4072	IRP_MJ_INTERNAL_DEVICE_CONTROL     : 8A49EAC8
23:18:16:103 4072	IRP_MJ_SHUTDOWN                    : 8A49EAC8
23:18:16:103 4072	IRP_MJ_LOCK_CONTROL                : 8A49EAC8
23:18:16:103 4072	IRP_MJ_CLEANUP                     : 8A49EAC8
23:18:16:103 4072	IRP_MJ_CREATE_MAILSLOT             : 8A49EAC8
23:18:16:103 4072	IRP_MJ_QUERY_SECURITY              : 8A49EAC8
23:18:16:103 4072	IRP_MJ_SET_SECURITY                : 8A49EAC8
23:18:16:103 4072	IRP_MJ_POWER                       : 8A49EAC8
23:18:16:103 4072	IRP_MJ_SYSTEM_CONTROL              : 8A49EAC8
23:18:16:103 4072	IRP_MJ_DEVICE_CHANGE               : 8A49EAC8
23:18:16:103 4072	IRP_MJ_QUERY_QUOTA                 : 8A49EAC8
23:18:16:103 4072	IRP_MJ_SET_QUOTA                   : 8A49EAC8
23:18:16:103 4072	Driver "atapi" infected by TDSS rootkit!
23:18:16:118 4072	C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
23:18:16:118 4072	File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ... 23:18:16:118 4072	Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
23:18:16:118 4072	ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
23:18:16:587 4072	vfvi6
23:18:16:681 4072	!dsvbh1
23:18:19:353 4072	dsvbh2
23:18:19:353 4072	fdfb2
23:18:19:353 4072	Backup copy found, using it..
23:18:19:493 4072	will be cured on next reboot
23:18:19:493 4072	Reboot required for cure complete..
23:18:19:509 4072	Cure on reboot scheduled successfully
23:18:19:509 4072	
23:18:19:509 4072	Completed
23:18:19:509 4072	
23:18:19:509 4072	Results:
23:18:19:509 4072	Memory objects infected / cured / cured on reboot:	1 / 0 / 0
23:18:19:509 4072	Registry objects infected / cured / cured on reboot:	0 / 0 / 0
23:18:19:509 4072	File objects infected / cured / cured on reboot:	1 / 0 / 1
23:18:19:509 4072	
23:18:19:509 4072	fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
23:18:19:509 4072	fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
23:18:19:509 4072	UnloadDriverW: NtUnloadDriver error 1
23:18:19:509 4072	KLMD(ARK) unloaded successfully
         

17.04.2010, 22:45   #10
Sion

Restart the PC (if you haven't done so yet after the scan) and run the whole thing (i.e. tdsskiller) again.

Last edited by Sion (17.04.2010 at 22:56)

17.04.2010, 22:57   #11
Sashlyrics

The new log after the restart:
Code:
23:50:32:781 2300	TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
23:50:32:781 2300	================================================================================
23:50:32:781 2300	SystemInfo:

23:50:32:781 2300	OS Version: 5.1.2600 ServicePack: 3.0
23:50:32:781 2300	Product type: Workstation
23:50:32:781 2300	ComputerName: SASH
23:50:32:781 2300	UserName: sascha
23:50:32:781 2300	Windows directory: C:\WINDOWS
23:50:32:781 2300	Processor architecture: Intel x86
23:50:32:781 2300	Number of processors: 2
23:50:32:781 2300	Page size: 0x1000
23:50:32:781 2300	Boot type: Normal boot
23:50:32:781 2300	================================================================================
23:50:32:781 2300	UnloadDriverW: NtUnloadDriver error 2
23:50:32:781 2300	ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
23:50:32:890 2300	wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
23:50:32:890 2300	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:50:32:890 2300	wfopen_ex: Trying to KLMD file open
23:50:32:890 2300	wfopen_ex: File opened ok (Flags 2)
23:50:32:890 2300	wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
23:50:32:890 2300	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:50:32:890 2300	wfopen_ex: Trying to KLMD file open
23:50:32:890 2300	wfopen_ex: File opened ok (Flags 2)
23:50:32:890 2300	Initialize success
23:50:32:890 2300	
23:50:32:890 2300	Scanning	Services ...
23:50:33:359 2300	Raw services enum returned 382 services
23:50:33:390 2300	
23:50:33:390 2300	Scanning	Kernel memory ...
23:50:33:390 2300	Devices to scan: 6
23:50:33:390 2300	
23:50:33:390 2300	Driver Name: Disk
23:50:33:390 2300	IRP_MJ_CREATE                      : F74EDBB0
23:50:33:390 2300	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:50:33:390 2300	IRP_MJ_CLOSE                       : F74EDBB0
23:50:33:390 2300	IRP_MJ_READ                        : F74E7D1F
23:50:33:390 2300	IRP_MJ_WRITE                       : F74E7D1F
23:50:33:390 2300	IRP_MJ_QUERY_INFORMATION           : 804F4562
23:50:33:390 2300	IRP_MJ_SET_INFORMATION             : 804F4562
23:50:33:390 2300	IRP_MJ_QUERY_EA                    : 804F4562
23:50:33:390 2300	IRP_MJ_SET_EA                      : 804F4562
23:50:33:390 2300	IRP_MJ_FLUSH_BUFFERS               : F74E82E2
23:50:33:390 2300	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:50:33:390 2300	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:50:33:390 2300	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
23:50:33:390 2300	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
23:50:33:390 2300	IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:50:33:390 2300	IRP_MJ_INTERNAL_DEVICE_CONTROL     : F74EBF28
23:50:33:390 2300	IRP_MJ_SHUTDOWN                    : F74E82E2
23:50:33:390 2300	IRP_MJ_LOCK_CONTROL                : 804F4562
23:50:33:390 2300	IRP_MJ_CLEANUP                     : 804F4562
23:50:33:390 2300	IRP_MJ_CREATE_MAILSLOT             : 804F4562
23:50:33:390 2300	IRP_MJ_QUERY_SECURITY              : 804F4562
23:50:33:390 2300	IRP_MJ_SET_SECURITY                : 804F4562
23:50:33:390 2300	IRP_MJ_POWER                       : F74E9C82
23:50:33:390 2300	IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:50:33:390 2300	IRP_MJ_DEVICE_CHANGE               : 804F4562
23:50:33:390 2300	IRP_MJ_QUERY_QUOTA                 : 804F4562
23:50:33:390 2300	IRP_MJ_SET_QUOTA                   : 804F4562
23:50:33:437 2300	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:50:33:437 2300	
23:50:33:437 2300	Driver Name: USBSTOR
23:50:33:437 2300	IRP_MJ_CREATE                      : 8A2B83C8
23:50:33:437 2300	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:50:33:437 2300	IRP_MJ_CLOSE                       : 8A2B83C8
23:50:33:437 2300	IRP_MJ_READ                        : 8A2B83C8
23:50:33:437 2300	IRP_MJ_WRITE                       : 8A2B83C8
23:50:33:437 2300	IRP_MJ_QUERY_INFORMATION           : 804F4562
23:50:33:437 2300	IRP_MJ_SET_INFORMATION             : 804F4562
23:50:33:437 2300	IRP_MJ_QUERY_EA                    : 804F4562
23:50:33:437 2300	IRP_MJ_SET_EA                      : 804F4562
23:50:33:437 2300	IRP_MJ_FLUSH_BUFFERS               : 804F4562
23:50:33:437 2300	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:50:33:437 2300	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:50:33:437 2300	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
23:50:33:437 2300	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
23:50:33:437 2300	IRP_MJ_DEVICE_CONTROL              : 8A2B83C8
23:50:33:437 2300	IRP_MJ_INTERNAL_DEVICE_CONTROL     : 8A2B83C8
23:50:33:437 2300	IRP_MJ_SHUTDOWN                    : 804F4562
23:50:33:437 2300	IRP_MJ_LOCK_CONTROL                : 804F4562
23:50:33:437 2300	IRP_MJ_CLEANUP                     : 804F4562
23:50:33:437 2300	IRP_MJ_CREATE_MAILSLOT             : 804F4562
23:50:33:437 2300	IRP_MJ_QUERY_SECURITY              : 804F4562
23:50:33:437 2300	IRP_MJ_SET_SECURITY                : 804F4562
23:50:33:437 2300	IRP_MJ_POWER                       : 8A2B83C8
23:50:33:437 2300	IRP_MJ_SYSTEM_CONTROL              : 8A2B83C8
23:50:33:437 2300	IRP_MJ_DEVICE_CHANGE               : 804F4562
23:50:33:437 2300	IRP_MJ_QUERY_QUOTA                 : 804F4562
23:50:33:437 2300	IRP_MJ_SET_QUOTA                   : 804F4562
23:50:33:437 2300	C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
23:50:33:437 2300	
23:50:33:437 2300	Driver Name: Disk
23:50:33:437 2300	IRP_MJ_CREATE                      : F74EDBB0
23:50:33:437 2300	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:50:33:437 2300	IRP_MJ_CLOSE                       : F74EDBB0
23:50:33:437 2300	IRP_MJ_READ                        : F74E7D1F
23:50:33:437 2300	IRP_MJ_WRITE                       : F74E7D1F
23:50:33:437 2300	IRP_MJ_QUERY_INFORMATION           : 804F4562
23:50:33:437 2300	IRP_MJ_SET_INFORMATION             : 804F4562
23:50:33:437 2300	IRP_MJ_QUERY_EA                    : 804F4562
23:50:33:437 2300	IRP_MJ_SET_EA                      : 804F4562
23:50:33:437 2300	IRP_MJ_FLUSH_BUFFERS               : F74E82E2
23:50:33:437 2300	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:50:33:437 2300	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:50:33:437 2300	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
23:50:33:437 2300	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
23:50:33:437 2300	IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:50:33:437 2300	IRP_MJ_INTERNAL_DEVICE_CONTROL     : F74EBF28
23:50:33:437 2300	IRP_MJ_SHUTDOWN                    : F74E82E2
23:50:33:437 2300	IRP_MJ_LOCK_CONTROL                : 804F4562
23:50:33:437 2300	IRP_MJ_CLEANUP                     : 804F4562
23:50:33:437 2300	IRP_MJ_CREATE_MAILSLOT             : 804F4562
23:50:33:437 2300	IRP_MJ_QUERY_SECURITY              : 804F4562
23:50:33:437 2300	IRP_MJ_SET_SECURITY                : 804F4562
23:50:33:437 2300	IRP_MJ_POWER                       : F74E9C82
23:50:33:453 2300	IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:50:33:453 2300	IRP_MJ_DEVICE_CHANGE               : 804F4562
23:50:33:453 2300	IRP_MJ_QUERY_QUOTA                 : 804F4562
23:50:33:453 2300	IRP_MJ_SET_QUOTA                   : 804F4562
23:50:33:453 2300	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:50:33:453 2300	
23:50:33:453 2300	Driver Name: Disk
23:50:33:453 2300	IRP_MJ_CREATE                      : F74EDBB0
23:50:33:453 2300	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:50:33:453 2300	IRP_MJ_CLOSE                       : F74EDBB0
23:50:33:453 2300	IRP_MJ_READ                        : F74E7D1F
23:50:33:453 2300	IRP_MJ_WRITE                       : F74E7D1F
23:50:33:453 2300	IRP_MJ_QUERY_INFORMATION           : 804F4562
23:50:33:453 2300	IRP_MJ_SET_INFORMATION             : 804F4562
23:50:33:453 2300	IRP_MJ_QUERY_EA                    : 804F4562
23:50:33:453 2300	IRP_MJ_SET_EA                      : 804F4562
23:50:33:453 2300	IRP_MJ_FLUSH_BUFFERS               : F74E82E2
23:50:33:453 2300	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:50:33:453 2300	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:50:33:453 2300	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
23:50:33:453 2300	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
23:50:33:453 2300	IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:50:33:453 2300	IRP_MJ_INTERNAL_DEVICE_CONTROL     : F74EBF28
23:50:33:453 2300	IRP_MJ_SHUTDOWN                    : F74E82E2
23:50:33:453 2300	IRP_MJ_LOCK_CONTROL                : 804F4562
23:50:33:453 2300	IRP_MJ_CLEANUP                     : 804F4562
23:50:33:453 2300	IRP_MJ_CREATE_MAILSLOT             : 804F4562
23:50:33:453 2300	IRP_MJ_QUERY_SECURITY              : 804F4562
23:50:33:453 2300	IRP_MJ_SET_SECURITY                : 804F4562
23:50:33:453 2300	IRP_MJ_POWER                       : F74E9C82
23:50:33:453 2300	IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:50:33:453 2300	IRP_MJ_DEVICE_CHANGE               : 804F4562
23:50:33:453 2300	IRP_MJ_QUERY_QUOTA                 : 804F4562
23:50:33:453 2300	IRP_MJ_SET_QUOTA                   : 804F4562
23:50:33:453 2300	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:50:33:453 2300	
23:50:33:453 2300	Driver Name: atapi
23:50:33:453 2300	IRP_MJ_CREATE                      : F71E7B40
23:50:33:453 2300	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:50:33:453 2300	IRP_MJ_CLOSE                       : F71E7B40
23:50:33:453 2300	IRP_MJ_READ                        : 804F4562
23:50:33:453 2300	IRP_MJ_WRITE                       : 804F4562
23:50:33:453 2300	IRP_MJ_QUERY_INFORMATION           : 804F4562
23:50:33:453 2300	IRP_MJ_SET_INFORMATION             : 804F4562
23:50:33:453 2300	IRP_MJ_QUERY_EA                    : 804F4562
23:50:33:453 2300	IRP_MJ_SET_EA                      : 804F4562
23:50:33:453 2300	IRP_MJ_FLUSH_BUFFERS               : 804F4562
23:50:33:453 2300	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:50:33:453 2300	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:50:33:453 2300	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
23:50:33:453 2300	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
23:50:33:453 2300	IRP_MJ_DEVICE_CONTROL              : F71E7B40
23:50:33:453 2300	IRP_MJ_INTERNAL_DEVICE_CONTROL     : F71E7B40
23:50:33:453 2300	IRP_MJ_SHUTDOWN                    : 804F4562
23:50:33:453 2300	IRP_MJ_LOCK_CONTROL                : 804F4562
23:50:33:453 2300	IRP_MJ_CLEANUP                     : 804F4562
23:50:33:453 2300	IRP_MJ_CREATE_MAILSLOT             : 804F4562
23:50:33:453 2300	IRP_MJ_QUERY_SECURITY              : 804F4562
23:50:33:453 2300	IRP_MJ_SET_SECURITY                : 804F4562
23:50:33:453 2300	IRP_MJ_POWER                       : F71E7B40
23:50:33:453 2300	IRP_MJ_SYSTEM_CONTROL              : F71E7B40
23:50:33:453 2300	IRP_MJ_DEVICE_CHANGE               : 804F4562
23:50:33:453 2300	IRP_MJ_QUERY_QUOTA                 : 804F4562
23:50:33:453 2300	IRP_MJ_SET_QUOTA                   : 804F4562
23:50:33:468 2300	C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
23:50:33:468 2300	
23:50:33:468 2300	Driver Name: atapi
23:50:33:468 2300	IRP_MJ_CREATE                      : 8A49DAC8
23:50:33:468 2300	IRP_MJ_CREATE_NAMED_PIPE           : 8A49DAC8
23:50:33:468 2300	IRP_MJ_CLOSE                       : 8A49DAC8
23:50:33:468 2300	IRP_MJ_READ                        : 8A49DAC8
23:50:33:468 2300	IRP_MJ_WRITE                       : 8A49DAC8
23:50:33:468 2300	IRP_MJ_QUERY_INFORMATION           : 8A49DAC8
23:50:33:468 2300	IRP_MJ_SET_INFORMATION             : 8A49DAC8
23:50:33:468 2300	IRP_MJ_QUERY_EA                    : 8A49DAC8
23:50:33:468 2300	IRP_MJ_SET_EA                      : 8A49DAC8
23:50:33:468 2300	IRP_MJ_FLUSH_BUFFERS               : 8A49DAC8
23:50:33:468 2300	IRP_MJ_QUERY_VOLUME_INFORMATION    : 8A49DAC8
23:50:33:468 2300	IRP_MJ_SET_VOLUME_INFORMATION      : 8A49DAC8
23:50:33:468 2300	IRP_MJ_DIRECTORY_CONTROL           : 8A49DAC8
23:50:33:468 2300	IRP_MJ_FILE_SYSTEM_CONTROL         : 8A49DAC8
23:50:33:468 2300	IRP_MJ_DEVICE_CONTROL              : 8A49DAC8
23:50:33:468 2300	IRP_MJ_INTERNAL_DEVICE_CONTROL     : 8A49DAC8
23:50:33:468 2300	IRP_MJ_SHUTDOWN                    : 8A49DAC8
23:50:33:468 2300	IRP_MJ_LOCK_CONTROL                : 8A49DAC8
23:50:33:468 2300	IRP_MJ_CLEANUP                     : 8A49DAC8
23:50:33:468 2300	IRP_MJ_CREATE_MAILSLOT             : 8A49DAC8
23:50:33:468 2300	IRP_MJ_QUERY_SECURITY              : 8A49DAC8
23:50:33:468 2300	IRP_MJ_SET_SECURITY                : 8A49DAC8
23:50:33:468 2300	IRP_MJ_POWER                       : 8A49DAC8
23:50:33:468 2300	IRP_MJ_SYSTEM_CONTROL              : 8A49DAC8
23:50:33:468 2300	IRP_MJ_DEVICE_CHANGE               : 8A49DAC8
23:50:33:468 2300	IRP_MJ_QUERY_QUOTA                 : 8A49DAC8
23:50:33:468 2300	IRP_MJ_SET_QUOTA                   : 8A49DAC8
23:50:33:468 2300	Driver "atapi" infected by TDSS rootkit!
23:50:33:515 2300	C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
23:50:33:515 2300	File "C:\WINDOWS\system32\drivers\atapi.sys" infected by TDSS rootkit ... 23:50:33:515 2300	Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
23:50:33:515 2300	ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
23:50:33:781 2300	vfvi6
23:50:33:875 2300	!dsvbh1
23:50:36:984 2300	dsvbh2
23:50:36:984 2300	fdfb2
23:50:36:984 2300	Backup copy found, using it..
23:50:37:046 2300	will be cured on next reboot
23:50:37:046 2300	Reboot required for cure complete..
23:50:37:062 2300	Cure on reboot scheduled successfully
23:50:37:062 2300	
23:50:37:062 2300	Completed
23:50:37:062 2300	
23:50:37:062 2300	Results:
23:50:37:062 2300	Memory objects infected / cured / cured on reboot:	1 / 0 / 0
23:50:37:062 2300	Registry objects infected / cured / cured on reboot:	0 / 0 / 0
23:50:37:062 2300	File objects infected / cured / cured on reboot:	1 / 0 / 1
23:50:37:062 2300	
23:50:37:062 2300	fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
23:50:37:062 2300	fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
23:50:37:062 2300	UnloadDriverW: NtUnloadDriver error 1
23:50:37:062 2300	KLMD(ARK) unloaded successfully
         

17.04.2010, 23:06   #12
Sion

tdsskiller can't handle it.

Start OTL.
Click None.
Paste the following into the script field:

Quote:
/md5start
atapi.sys
/md5stop
Click Run Scan and post the OTL.txt

17.04.2010, 23:20   #13
Sashlyrics

Code:
OTL logfile created on: 18.04.2010 00:14:51 - Run 2
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Dokumente und Einstellungen\sascha\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3069 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 17,50 Gb Free Space | 7,51% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 46,21 Gb Free Space | 19,84% Space Free | Partition Type: NTFS
Drive E: | 3,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 233,75 Gb Total Space | 19,83 Gb Free Space | 8,48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SASH
Current User Name: sascha
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Custom Scans ==========
 
 
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 21:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010.04.17 23:51:36 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.10 21:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< End of report >
         
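The TDSSKiller logs above show what the scanner reacts to: the second atapi device object routes every IRP major to a single address (8A49EAC8 in the first scan, 8A49DAC8 in the second) instead of parking unimplemented majors on the shared kernel handler 804F4562 as Disk, USBSTOR and the first atapi entry do, while the OTL MD5 run in this post sees an on-disk atapi.sys whose hash equals the Service Pack 3 copy, so a hash taken from inside the running system cannot settle the question. The parser below is an added example, not code from the thread, TDSSKiller or OTL; it reads a constructed excerpt in the log format quoted above (three IRP rows per device, addresses modelled on the second scan) and applies that dispatch-table check.

```python
import re
from collections import defaultdict

# Constructed excerpt in the TDSSKiller log format used in this thread (addresses
# modelled on the second scan; cut to three IRP rows per device instead of 28).
SAMPLE_LOG = """\
23:50:33:390 2300\tDriver Name: Disk
23:50:33:390 2300\tIRP_MJ_CREATE                      : F74EDBB0
23:50:33:390 2300\tIRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:50:33:390 2300\tIRP_MJ_READ                        : F74E7D1F
23:50:33:437 2300\tC:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: 1
23:50:33:437 2300\t
23:50:33:453 2300\tDriver Name: atapi
23:50:33:453 2300\tIRP_MJ_CREATE                      : F71E7B40
23:50:33:453 2300\tIRP_MJ_CREATE_NAMED_PIPE           : 804F4562
23:50:33:453 2300\tIRP_MJ_READ                        : 804F4562
23:50:33:468 2300\tC:\\WINDOWS\\system32\\drivers\\atapi.sys - Verdict: 1
23:50:33:468 2300\t
23:50:33:468 2300\tDriver Name: atapi
23:50:33:468 2300\tIRP_MJ_CREATE                      : 8A49DAC8
23:50:33:468 2300\tIRP_MJ_CREATE_NAMED_PIPE           : 8A49DAC8
23:50:33:468 2300\tIRP_MJ_READ                        : 8A49DAC8
23:50:33:468 2300\tDriver "atapi" infected by TDSS rootkit!
23:50:33:515 2300\tC:\\WINDOWS\\system32\\drivers\\atapi.sys - Verdict: 1
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3} \d+\t(.*)$")  # "HH:MM:SS:mmm PID<TAB>msg"
IRP_RE = re.compile(r"^(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-F]{8})$")


def parse_devices(log_text):
    """One record per 'Driver Name:' block: driver, {major: handler}, file path,
    and whether TDSSKiller itself printed an 'infected' line for the block."""
    devices, cur = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        if body.startswith("Driver Name:"):
            cur = {"driver": body.split(":", 1)[1].strip(), "irps": {},
                   "file": None, "tool_says_infected": False}
            devices.append(cur)
            continue
        if cur is None:
            continue
        irp = IRP_RE.match(body)
        if irp:
            cur["irps"][irp.group(1)] = irp.group(2)
        elif body.startswith("Driver ") and "infected by TDSS rootkit" in body:
            cur["tool_says_infected"] = True
        elif " - Verdict: " in body:
            cur["file"] = body.split(" - Verdict: ", 1)[0]
            cur = None  # the Verdict line closes the block
    return devices


def shared_default_handler(devices):
    """The address that recurs across the most distinct driver names: drivers park
    the majors they do not implement on one kernel routine (804F4562 in this thread)."""
    seen_in = defaultdict(set)
    for d in devices:
        for addr in d["irps"].values():
            seen_in[addr].add(d["driver"])
    return max(seen_in, key=lambda a: len(seen_in[a])) if seen_in else None


def find_hooked_devices(devices):
    """Flag device objects whose whole dispatch table is redirected: every major goes
    to one address and none to the shared default handler, as the second atapi entry
    in this thread's log does. A same-named device object with another table is noted."""
    default = shared_default_handler(devices)
    tables = defaultdict(set)
    for d in devices:
        tables[d["driver"]].add(tuple(sorted(d["irps"].items())))
    findings = []
    for idx, d in enumerate(devices):
        addrs, reasons = set(d["irps"].values()), []
        if len(d["irps"]) > 1 and len(addrs) == 1:
            reasons.append("all IRP majors routed to %s" % next(iter(addrs)))
        if d["irps"] and default not in addrs:
            reasons.append("no major uses the shared default handler %s" % default)
        if reasons and len(tables[d["driver"]]) > 1:
            reasons.append("driver %r has another device object with a different table"
                           % d["driver"])
        if reasons:
            findings.append({"index": idx, "driver": d["driver"], "file": d["file"],
                             "reasons": reasons,
                             "tool_says_infected": d["tool_says_infected"]})
    return findings


if __name__ == "__main__":
    print(find_hooked_devices(parse_devices(SAMPLE_LOG)))
```

Run against a full log, the check flags only the second atapi record, matching the tool's own "infected" line while leaving the three Disk entries alone even though they repeat the same table.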

18.04.2010, 10:00   #14
Sion

It was already late yesterday... You apparently posted one and the same tdsskiller log:

Quote:
Mar 22 2010 10:43:04
Quote:
Mar 22 2010 10:43:04
Look for the log from the second scan and post it.

18.04.2010, 10:51   #15
Sashlyrics

Well, those two dates don't match yesterday's date at all, yet they appear in both logs.
The time is on the left, isn't it? At least that would fit, because I created the first log at 23:18 and the second at 23:50.
But I can certainly create another one, it's just that (no idea why) the 22 March won't change.
