Pests of all kinds and their removal: sdra64.exe
24.05.2010, 19:33 | #1
sdra64.exe
Hello, I have caught the "file" sdra64.exe. As someone illiterate when it comes to computer viruses I have no idea which information is relevant here... It should all be in the HijackThis file // I use Windows Vista and have Avira AntiVir running. As an aside, I have a problem opening Malwarebytes; installation etc. is no problem, and all other programs run without trouble... but I have had this problem with individual programs ever since I started using Vista, and 'run as admin' does not help either.
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:43:12, on 24.05.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\FSC OSD Utility\OSDUtility.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Sommer\AppData\Roaming\SystemProc\lsass.exe
C:\Windows\System32\rundll32.exe
C:\Users\Sommer\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Sommer\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [FSC OSD Utility] c:\PROGRA~1\FSCOSD~1\OSDUTI~1.EXE
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\fsc-reg\fscreg.exe 20100522
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Sommer\AppData\Local\Temp\Icx.exe
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Sommer\AppData\Roaming\SystemProc\lsass.exe
O4 - HKCU\..\Run: [userinit] C:\Users\Sommer\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [opqnlisys] rundll32.exe "c:\users\sommer\appdata\local\temp\khgdab.dll",DllRegisterServer
O4 - HKCU\..\Run: [mcexecwin] rundll32.exe C:\Users\Sommer\AppData\Local\Temp\mmony.dll, RestoreWindows
O4 - HKCU\..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\Sommer\AppData\Local\Temp\idiox5j.exe
O4 - HKCU\..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Users\Sommer\AppData\Local\Temp\user.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Sommer\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {CA38EC3E-4521-4876-B18E-8C3D9B92694C} (OGNChatModule Control) - hxxp://ongamenet.com/uploadfiles/service/module/OGNChatModule.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 6689 bytes

Last edited by s0m (24.05.2010 at 19:43)
25.05.2010, 09:54 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | sdra64.exe
Hello, and please run a full scan with Malwarebytes and post the log. If Malwarebytes does not start => http://www.trojaner-board.de/82699-m...tet-nicht.html
After that OTL: system scan with OTL. Please download OTL by Oldtimer and save it to your desktop.
25.05.2010, 12:59 | #3
sdra64.exe
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18702

25.05.2010 12:27:30
mbam-log-2010-05-25 (12-27-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 206158
Laufzeit: 1 Stunde(n), 4 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
C:\Users\***\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opqnlisys (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\Sommer\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RPVZM7B\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4NV2ZYQ\kkemu[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\khgdab.dll (Trojan.Vundo) -> Delete on reboot.

Code:
OTL logfile created on: 25.05.2010 13:00:09 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 32,90 Gb Free Space | 35,68% Space Free | Partition Type: NTFS
Drive D: | 131,89 Gb Total Space | 131,80 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 18:48:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 18:48:55 | 000,000,000 | ---D | M]

[2009.03.27 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.05.23 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ikjg0ue5.default\extensions
[2010.05.23 14:00:35 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ikjg0ue5.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.04.18 20:17:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ikjg0ue5.default\extensions\searchrecs@veoh.com
[2010.05.23 21:08:40 | 000,000,955 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ikjg0ue5.default\searchplugins\icqplugin.xml
[2010.05.24 00:08:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.27 21:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.01 05:29:19 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.02.19 16:10:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 16:10:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 16:10:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 16:10:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 16:10:01 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FSC OSD Utility] c:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [fccyyasys] c:\users\***\appdata\local\temp\khgdab.DLL File not found
O4 - HKCU..\Run: [fsc-reg] C:\fsc-reg\fscreg.exe (Fujitsu Siemens)
O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\***\AppData\Local\Temp\idiox5j.exe File not found
O4 - HKCU..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Users\***\AppData\Local\Temp\user.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\***\AppData\Local\Temp\Icx.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CA38EC3E-4521-4876-B18E-8C3D9B92694C} hxxp://ongamenet.com/uploadfiles/service/module/OGNChatModule.cab (OGNChatModule Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\Shell - "" = AutoRun
O33 - MountPoints2\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\Shell\AutoRun\command - "" = F:\BOOT.EXE -- File not found
O33 - MountPoints2\{94d78459-ca00-11de-bda1-00225f5c4026}\Shell - "" = AutoRun
O33 - MountPoints2\{94d78459-ca00-11de-bda1-00225f5c4026}\Shell\AutoRun\command - "" = F:\BOOT.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.25 12:59:23 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.25 12:35:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.05.24 19:44:09 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.05.24 19:44:09 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.24 19:42:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.05.24 18:58:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.24 18:58:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.24 18:57:51 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.com
[2010.05.24 18:46:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.05.24 18:45:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.24 18:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.24 17:23:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.05.24 15:13:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Fujitsu
[2010.05.24 15:13:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Fujitsu
[2010.05.24 11:51:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Overflow
[2010.05.24 11:29:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2010.05.24 11:25:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DNA
[2010.05.24 11:25:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DNA
[2010.05.24 00:01:30 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\lowsec
[2010.05.17 15:41:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DivX
[2010.05.17 15:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.01 08:38:45 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll
[2010.05.01 08:34:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nero

========== Files - Modified Within 30 Days ==========

[2010.05.25 13:01:49 | 002,359,296 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.05.25 12:59:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.25 12:57:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.25 12:56:58 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.25 12:56:58 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.25 12:56:58 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.25 12:56:58 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.25 12:56:58 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.25 12:30:01 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.05.25 12:29:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.25 12:29:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.25 12:29:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.25 12:29:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.25 12:29:29 | 3047,837,696 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.25 12:28:41 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 12:28:41 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.25 12:28:39 | 003,847,725 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.05.24 19:40:56 | 000,824,681 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.05.24 19:40:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.05.24 19:01:03 | 000,071,528 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.24 19:00:17 | 000,298,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.24 18:58:27 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.24 18:55:00 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.com
[2010.05.24 14:58:54 | 000,000,256 | -H-- | M] () -- C:\Windows\System32\LTAW14FN.BIN
[2010.05.24 14:58:54 | 000,000,256 | -H-- | M] () -- C:\Windows\System32\FJLTAFOU.BIN
[2010.05.24 14:46:27 | 000,000,779 | ---- | M] () -- C:\Users\***\Documents\Temp - Verknüpfung.lnk
[2010.05.24 14:46:27 | 000,000,779 | ---- | M] () -- C:\Users\***\Desktop\Temp - Verknüpfung.lnk
[2010.05.24 13:22:06 | 000,027,136 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.23 14:29:23 | 000,003,321 | -HS- | M] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922P.manifest
[2010.05.23 14:27:35 | 000,182,272 | ---- | M] () -- C:\ProgramData\dhcpsapi32.dll
[2010.05.23 14:27:35 | 000,000,013 | -HS- | M] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922C.manifest
[2010.05.23 14:27:35 | 000,000,011 | -HS- | M] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922S.manifest
[2010.05.23 14:27:35 | 000,000,011 | -HS- | M] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922O.manifest
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.01 08:37:58 | 000,000,000 | ---- | M] () -- C:\Windows\Irremote.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010.05.24 19:42:37 | 000,824,681 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.05.24 18:58:27 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.24 14:58:54 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\LTAW14FN.BIN
[2010.05.24 14:58:54 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\FJLTAFOU.BIN
[2010.05.24 14:46:27 | 000,000,779 | ---- | C] () -- C:\Users\***\Documents\Temp - Verknüpfung.lnk
[2010.05.24 14:46:27 | 000,000,779 | ---- | C] () -- C:\Users\***\Desktop\Temp - Verknüpfung.lnk
[2010.05.23 14:27:35 | 000,182,272 | ---- | C] () -- C:\ProgramData\dhcpsapi32.dll
[2010.05.23 14:27:35 | 000,003,321 | -HS- | C] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922P.manifest
[2010.05.23 14:27:35 | 000,000,013 | -HS- | C] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922C.manifest
[2010.05.23 14:27:35 | 000,000,011 | -HS- | C] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922S.manifest
[2010.05.23 14:27:35 | 000,000,011 | -HS- | C] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922O.manifest
[2010.05.23 14:27:23 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.01 08:38:45 | 000,774,144 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2010.05.01 08:37:58 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.24 22:53:39 | 000,000,020 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2009.09.29 19:41:24 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.13 21:54:56 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.07.16 20:01:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.07.16 20:01:28 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.07.16 20:01:28 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.04.19 14:59:53 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.27 17:24:43 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.10.10 15:12:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.04.25 15:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.10.11 20:51:40 | 000,223,232 | ---- | C] () -- C:\Windows\System32\sqlite3.dll

========== Files - Unicode (All) ==========
[2010.05.24 17:11:13 | 000,001,910 | ---- | M] ()(C:\Users\***\Documents\???????.lnk) -- C:\Users\***\Documents\スクールディズ.lnk
[2010.05.24 11:59:49 | 000,001,910 | ---- | C] ()(C:\Users\***\Documents\???????.lnk) -- C:\Users\***\Documents\スクールディズ.lnk

< End of report >
OTL Extras logfile created on: 25.05.2010 13:00:09 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 32,90 Gb Free Space | 35,68% Space Free | Partition Type: NTFS
Drive D: | 131,89 Gb Total Space | 131,80 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" File not found ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01B062B9-93FF-4C50-B2FF-EBC187559172}" = lport=139 | protocol=6 | dir=in | app=system | "{02045E50-EBD3-4872-ADDE-204373EAED95}" = lport=137 | protocol=17 | dir=in | app=system | "{2F35CEDA-CB9B-44CD-B2D4-76C73688D304}" = lport=2869 | protocol=6 | dir=in | app=system | "{4894008F-6D59-4B7F-A737-982D4032EF46}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6086BDE8-2C4C-4239-A1F8-880CF65E3B0E}" = rport=139 | protocol=6 | dir=out | app=system | "{6A087D7C-48D8-4833-838C-F1593780A067}" = lport=445 | protocol=6 | dir=in | app=system | "{A2062885-74B4-4810-BBCC-A211D810B643}" = lport=138 | protocol=17 | dir=in | app=system | "{ADED89C8-F11B-4048-991A-9E6CAD9D492D}" = rport=445 | protocol=6 | dir=out | app=system | "{B60D0FA1-353C-42AE-92CC-F85623AB5692}" = rport=138 | protocol=17 | dir=out | app=system | "{D5BC0AF5-3562-4C9A-8A87-57E67F2B5AEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D8F918DA-34B9-448F-848D-016EECD0A5A1}" = rport=137 | protocol=17 | dir=out | app=system | "{E5972430-80BA-43DA-A4FF-1C5DD1FEDAA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F8D8610-62FD-422F-92DB-20D5BC9E4AF3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{0FDDAB68-6F18-4B46-A242-8E1398D6430D}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{1A606759-8516-4AAA-BD18-593EF9CCC156}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{3152476D-E394-41ED-812B-06F0C244C11B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{3D040730-F6C2-4B92-947B-892106A3AE04}" = protocol=6 | dir=in | app=c:\program files\pando 
networks\media booster\pmb.exe | "{415105D3-9E50-4BF9-B3FB-B2E523BE2A6A}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{48049245-7B91-4583-83F2-DB3281DD2234}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{62BD05C4-6F4B-412A-BDDE-C10EE5B49B79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{65417830-2EA4-4A70-8FCF-0590955B6380}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{6CE9C0E1-7567-4170-90F1-4EDFD3F314BE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{70FEA5A7-07AD-4338-8D38-3DD9A58A7352}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{727D98A8-A42C-40E6-9C34-ADFBCC1DE740}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{7EEF0A98-E621-4A78-8E0E-76324D7464A9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{83ED41C4-2C5E-4367-93B7-420B78A5C3A1}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{85F0F8EA-B4F4-4A86-BBA4-8943E7F572BF}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{9E585A28-A6E6-43DE-A1DE-B9A8D3683627}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{ACDB7FAC-6B0D-44C9-A5C6-0D76F1280DC1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B661DA2B-7D63-4375-B16F-6BBC897840B4}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{C678ECCB-1BA6-4AD5-9F92-653F0FA85D68}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{CF3C9125-9391-4EF2-BE18-CF5996EB0D0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D42129D2-F41B-45D2-942B-79C7D3222748}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{D53D4B7F-AED7-41B3-95A9-20022E4FCF50}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{F377F3BD-834E-460B-9EE9-745AB933E38D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F88866A6-211F-4C69-98FD-092D51DB1A3B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "TCP Query User{019F574D-B542-4FD5-A4CF-09815D8E4DB7}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{154C01A2-0FEE-47C7-A12B-D5C01C1239C8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{94A0B690-C76A-470D-8707-833809743274}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{9ACAF55F-9672-4B44-9B11-3C94203B0B03}C:\program files\microprose\risiko ii\riskii.icd" = protocol=6 | dir=in | app=c:\program files\microprose\risiko ii\riskii.icd | "TCP Query User{C7429DE0-B195-4A63-B47A-4593AFC9F3AB}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{FA0841A9-42AB-4F2A-A39E-5D26753C492B}C:\users\***\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files\dna\btdna.exe | "UDP Query User{008CD2E9-47A1-4E4D-B877-34115D6E0459}C:\program files\microprose\risiko ii\riskii.icd" = protocol=17 | dir=in | app=c:\program files\microprose\risiko ii\riskii.icd | "UDP Query User{14480D39-44D2-4461-94EB-2E699DF49CB3}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{3096F6D1-E3E9-48A3-A6E8-554C1F61F5AC}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{3F26720A-D46F-43A5-9227-F31ED52E16C0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query 
User{577AB4F1-4743-43A5-BCA1-9B1FD74BDFA6}C:\users\***\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files\dna\btdna.exe | "UDP Query User{5CEC4972-6EEE-4883-AD3A-5FEFB25B6B52}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0590BB91-B280-4BAB-95D7-D6558117D27C}" = SA304x Device Manager "{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA304x Media Converter "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8FF800ED-97BB-4F68-AC79-A3CD20496157}" = SchoolDays "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard 
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery "{B72CF634-2F89-478A-86E7-96F80CDAF284}" = SA304x Media Converter "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Combined Community Codec Pack_is1" = Combined Community Codec Pack 
2009-09-09 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "RealAlt_is1" = Real Alternative 1.9.0 "Uninstall_is1" = Uninstall 1.0.0.1 "Veoh Web Player Beta" = Veoh Web Player "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.05.2010 13:13:55 | Computer Name = PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.1.3726, Zeitstempel 0x4b9e5a0c, fehlerhaftes Modul xul.dll, Version 1.9.1.3726, Zeitstempel 0x4b9e59d7, Ausnahmecode 0xc0000005, Fehleroffset 0x006a6064, Prozess-ID 0x9d0, Anwendungsstartzeit 01caf8fd29953b89. 
Error - 22.05.2010 09:19:14 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.05.2010 09:19:14 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.05.2010 09:19:55 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 23.05.2010 08:27:15 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Icv.exe, Version 0.0.0.0, Zeitstempel 0x4a19d3f2, fehlerhaftes Modul msvcrt.dll, Version 7.0.6001.18000, Zeitstempel 0x4791a727, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a1b4, Prozess-ID 0x44c, Anwendungsstartzeit 01cafa7345fbde09.

Error - 23.05.2010 08:27:17 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Icw.exe, Version 0.0.0.0, Zeitstempel 0x49b6f3e3, fehlerhaftes Modul MSVCRT.DLL, Version 7.0.6001.18000, Zeitstempel 0x4791a727, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a1b4, Prozess-ID 0x7a8, Anwendungsstartzeit 01cafa7347c81289.

Error - 23.05.2010 09:36:57 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.05.2010 09:36:57 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.05.2010 09:37:13 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

< End of report >
25.05.2010, 13:16 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sdra64.exe
Quote:
__________________
Please always post logfiles in CODE tags
25.05.2010, 16:05 | #5 |
sdra64.exe
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4142

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18702

25.05.2010 16:34:50
mbam-log-2010-05-25 (16-34-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 210179
Laufzeit: 1 Stunde(n), 1 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fccyyasys (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\ProgramData\dhcpsapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Code:
ATTFilter OTL logfile created on: 25.05.2010 16:43:12 - Run 2 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Sommer\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 32,69 Gb Free Space | 35,45% Space Free | Partition Type: NTFS Drive D: | 131,89 Gb Total Space | 131,80 Gb Free Space | 99,93% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC Current User Name: Sommer Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Sommer\Desktop\OTL(3).exe (OldTimer Tools) PRC - C:\Users\Sommer\Program Files\DNA\btdna.exe (BitTorrent, Inc.) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.) 
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Sommer\Desktop\OTL(3).exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) 
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) 
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 18:48:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 18:48:55 | 000,000,000 | ---D | M] [2009.03.27 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\Sommer\AppData\Roaming\mozilla\Extensions [2010.05.23 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\Sommer\AppData\Roaming\mozilla\Firefox\Profiles\ikjg0ue5.default\extensions [2010.05.23 14:00:35 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Sommer\AppData\Roaming\mozilla\Firefox\Profiles\ikjg0ue5.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.04.18 20:17:59 | 000,000,000 | ---D | M] -- C:\Users\Sommer\AppData\Roaming\mozilla\Firefox\Profiles\ikjg0ue5.default\extensions\searchrecs@veoh.com [2010.05.23 21:08:40 | 000,000,955 | ---- | M] () -- C:\Users\Sommer\AppData\Roaming\Mozilla\FireFox\Profiles\ikjg0ue5.default\searchplugins\icqplugin.xml [2010.05.24 00:08:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.03.27 21:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.04.01 05:29:19 | 000,238,776 | ---- | M] (Pando Networks) -- 
C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll [2010.02.19 16:10:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.02.19 16:10:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.02.19 16:10:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.02.19 16:10:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.02.19 16:10:01 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FSC OSD Utility] c:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.) 
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe File not found O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Sommer\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [fsc-reg] C:\fsc-reg\fscreg.exe (Fujitsu Siemens) O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\Sommer\AppData\Local\Temp\idiox5j.exe File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CA38EC3E-4521-4876-B18E-8C3D9B92694C} hxxp://ongamenet.com/uploadfiles/service/module/OGNChatModule.cab (OGNChatModule Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\Shell - "" = AutoRun O33 - MountPoints2\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\Shell\AutoRun\command - "" = F:\BOOT.EXE -- File not found O33 - 
MountPoints2\{94d78459-ca00-11de-bda1-00225f5c4026}\Shell - "" = AutoRun O33 - MountPoints2\{94d78459-ca00-11de-bda1-00225f5c4026}\Shell\AutoRun\command - "" = F:\BOOT.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.25 16:41:59 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Sommer\Desktop\OTL(3).exe [2010.05.25 14:42:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.25 14:42:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.25 14:41:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sommer\Desktop\mbam146-setup.exe [2010.05.25 12:35:18 | 000,000,000 | ---D | C] -- C:\Users\Sommer\Desktop\Neuer Ordner [2010.05.24 19:44:09 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.05.24 19:44:09 | 000,000,000 | ---D | C] -- C:\rsit [2010.05.24 19:42:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Sommer\Desktop\HiJackThis204.exe [2010.05.24 18:46:07 | 000,000,000 | ---D | C] -- C:\Users\Sommer\AppData\Roaming\Malwarebytes [2010.05.24 18:45:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.24 18:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.24 17:23:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.05.24 15:13:45 | 000,000,000 | ---D | C] -- C:\Users\Sommer\AppData\Roaming\Fujitsu [2010.05.24 15:13:45 | 000,000,000 | ---D | C] -- C:\Users\Sommer\AppData\Local\Fujitsu [2010.05.24 11:51:09 | 000,000,000 | ---D | C] -- C:\Users\Sommer\Documents\Overflow [2010.05.24 11:29:24 | 000,000,000 | ---D | C] -- C:\Users\Sommer\AppData\Local\Temp [2010.05.24 11:25:21 | 000,000,000 | ---D | C] -- C:\Users\Sommer\AppData\Local\DNA [2010.05.24 11:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sommer\AppData\Roaming\DNA [2010.05.24 00:01:30 | 000,000,000 | -HSD | C] -- C:\Users\Sommer\AppData\Roaming\lowsec [2010.05.17 15:41:57 | 000,000,000 | ---D | C] -- C:\Users\Sommer\AppData\Roaming\DivX [2010.05.17 15:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.05.01 08:38:45 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll [2010.05.01 08:34:39 | 000,000,000 | ---D | C] -- C:\Users\Sommer\AppData\Roaming\Nero ========== Files - Modified Within 30 Days ========== [2010.05.25 16:43:57 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.25 16:43:57 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.25 16:43:57 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.25 16:43:57 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.25 16:43:57 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.25 16:42:46 | 002,359,296 | -HS- | M] () -- C:\Users\Sommer\NTUSER.DAT [2010.05.25 16:38:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- 
C:\Users\Sommer\Desktop\OTL(3).exe [2010.05.25 16:36:53 | 000,000,680 | ---- | M] () -- C:\Users\Sommer\AppData\Local\d3d9caps.dat [2010.05.25 16:36:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.25 16:36:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.25 16:36:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.25 16:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.25 16:36:16 | 3049,902,080 | -HS- | M] () -- C:\hiberfil.sys [2010.05.25 16:35:30 | 000,524,288 | -HS- | M] () -- C:\Users\Sommer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.05.25 16:35:30 | 000,065,536 | -HS- | M] () -- C:\Users\Sommer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.25 16:35:28 | 006,291,456 | -H-- | M] () -- C:\Users\Sommer\AppData\Local\IconCache.db [2010.05.25 14:42:28 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.24 19:40:56 | 000,824,681 | ---- | M] () -- C:\Users\Sommer\Desktop\RSIT.exe [2010.05.24 19:40:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Sommer\Desktop\HiJackThis204.exe [2010.05.24 19:01:03 | 000,071,528 | ---- | M] () -- C:\Users\Sommer\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.24 19:00:17 | 000,298,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.24 18:55:00 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sommer\Desktop\mbam146-setup.exe [2010.05.24 14:58:54 | 000,000,256 | -H-- | M] () -- C:\Windows\System32\LTAW14FN.BIN [2010.05.24 14:58:54 | 000,000,256 | -H-- | M] () -- C:\Windows\System32\FJLTAFOU.BIN [2010.05.24 14:46:27 | 000,000,779 | ---- | M] () -- C:\Users\Sommer\Documents\Temp - Verknüpfung.lnk [2010.05.24 14:46:27 | 000,000,779 | ---- | M] () -- C:\Users\Sommer\Desktop\Temp - Verknüpfung.lnk [2010.05.24 13:22:06 | 000,027,136 | ---- | M] () -- C:\Users\Sommer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.23 14:29:23 | 000,003,321 | -HS- | M] () -- C:\Users\Sommer\AppData\Roaming\020000006ac3f672922P.manifest [2010.05.23 14:27:35 | 000,000,013 | -HS- | M] () -- C:\Users\Sommer\AppData\Roaming\020000006ac3f672922C.manifest [2010.05.23 14:27:35 | 000,000,011 | -HS- | M] () -- C:\Users\Sommer\AppData\Roaming\020000006ac3f672922S.manifest [2010.05.23 14:27:35 | 000,000,011 | -HS- | M] () -- C:\Users\Sommer\AppData\Roaming\020000006ac3f672922O.manifest [2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.01 08:37:58 | 000,000,000 | ---- | M] () -- C:\Windows\Irremote.ini [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2010.05.25 14:42:28 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.24 19:42:37 | 000,824,681 | ---- | C] () -- C:\Users\Sommer\Desktop\RSIT.exe [2010.05.24 
14:58:54 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\LTAW14FN.BIN [2010.05.24 14:58:54 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\FJLTAFOU.BIN [2010.05.24 14:46:27 | 000,000,779 | ---- | C] () -- C:\Users\Sommer\Documents\Temp - Verknüpfung.lnk [2010.05.24 14:46:27 | 000,000,779 | ---- | C] () -- C:\Users\Sommer\Desktop\Temp - Verknüpfung.lnk [2010.05.23 14:27:35 | 000,003,321 | -HS- | C] () -- C:\Users\Sommer\AppData\Roaming\020000006ac3f672922P.manifest [2010.05.23 14:27:35 | 000,000,013 | -HS- | C] () -- C:\Users\Sommer\AppData\Roaming\020000006ac3f672922C.manifest [2010.05.23 14:27:35 | 000,000,011 | -HS- | C] () -- C:\Users\Sommer\AppData\Roaming\020000006ac3f672922S.manifest [2010.05.23 14:27:35 | 000,000,011 | -HS- | C] () -- C:\Users\Sommer\AppData\Roaming\020000006ac3f672922O.manifest [2010.05.01 08:38:45 | 000,774,144 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB [2010.05.01 08:37:58 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2009.10.24 22:53:39 | 000,000,020 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini [2009.09.29 19:41:24 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.08.13 21:54:56 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2009.07.16 20:01:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.07.16 20:01:28 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.07.16 20:01:28 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.04.19 14:59:53 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.03.27 17:24:43 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2008.10.10 15:12:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2008.04.25 15:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 
000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004.10.11 20:51:40 | 000,223,232 | ---- | C] () -- C:\Windows\System32\sqlite3.dll ========== Files - Unicode (All) ========== [2010.05.24 17:11:13 | 000,001,910 | ---- | M] ()(C:\Users\Sommer\Documents\???????.lnk) -- C:\Users\Sommer\Documents\スクールディズ.lnk [2010.05.24 11:59:49 | 000,001,910 | ---- | C] ()(C:\Users\Sommer\Documents\???????.lnk) -- C:\Users\Sommer\Documents\スクールディズ.lnk < End of report > Code:
OTL Extras logfile created on: 25.05.2010 16:43:12 - Run 2 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Sommer\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 32,69 Gb Free Space | 35,45% Space Free | Partition Type: NTFS Drive D: | 131,89 Gb Total Space | 131,80 Gb Free Space | 99,93% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC Current User Name: Sommer Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" File not found ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01B062B9-93FF-4C50-B2FF-EBC187559172}" = lport=139 | protocol=6 | dir=in | app=system | "{02045E50-EBD3-4872-ADDE-204373EAED95}" = lport=137 | protocol=17 | dir=in | app=system | "{2F35CEDA-CB9B-44CD-B2D4-76C73688D304}" = lport=2869 | protocol=6 | dir=in | app=system | "{4894008F-6D59-4B7F-A737-982D4032EF46}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6086BDE8-2C4C-4239-A1F8-880CF65E3B0E}" = rport=139 | protocol=6 | dir=out | app=system | "{6A087D7C-48D8-4833-838C-F1593780A067}" = lport=445 | protocol=6 | dir=in | app=system | "{A2062885-74B4-4810-BBCC-A211D810B643}" = lport=138 | protocol=17 | dir=in | app=system | "{ADED89C8-F11B-4048-991A-9E6CAD9D492D}" = rport=445 | protocol=6 | dir=out | app=system | "{B60D0FA1-353C-42AE-92CC-F85623AB5692}" = rport=138 | protocol=17 | dir=out | app=system | "{D5BC0AF5-3562-4C9A-8A87-57E67F2B5AEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D8F918DA-34B9-448F-848D-016EECD0A5A1}" = rport=137 | protocol=17 | dir=out | app=system | "{E5972430-80BA-43DA-A4FF-1C5DD1FEDAA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F8D8610-62FD-422F-92DB-20D5BC9E4AF3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{0FDDAB68-6F18-4B46-A242-8E1398D6430D}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{1A606759-8516-4AAA-BD18-593EF9CCC156}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{3152476D-E394-41ED-812B-06F0C244C11B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{3D040730-F6C2-4B92-947B-892106A3AE04}" = protocol=6 | dir=in | app=c:\program files\pando 
networks\media booster\pmb.exe | "{415105D3-9E50-4BF9-B3FB-B2E523BE2A6A}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{48049245-7B91-4583-83F2-DB3281DD2234}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{62BD05C4-6F4B-412A-BDDE-C10EE5B49B79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{65417830-2EA4-4A70-8FCF-0590955B6380}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{6CE9C0E1-7567-4170-90F1-4EDFD3F314BE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{70FEA5A7-07AD-4338-8D38-3DD9A58A7352}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{727D98A8-A42C-40E6-9C34-ADFBCC1DE740}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{7EEF0A98-E621-4A78-8E0E-76324D7464A9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{83ED41C4-2C5E-4367-93B7-420B78A5C3A1}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{85F0F8EA-B4F4-4A86-BBA4-8943E7F572BF}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{9E585A28-A6E6-43DE-A1DE-B9A8D3683627}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{ACDB7FAC-6B0D-44C9-A5C6-0D76F1280DC1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B661DA2B-7D63-4375-B16F-6BBC897840B4}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{C678ECCB-1BA6-4AD5-9F92-653F0FA85D68}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{CF3C9125-9391-4EF2-BE18-CF5996EB0D0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D42129D2-F41B-45D2-942B-79C7D3222748}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{D53D4B7F-AED7-41B3-95A9-20022E4FCF50}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{F377F3BD-834E-460B-9EE9-745AB933E38D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F88866A6-211F-4C69-98FD-092D51DB1A3B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "TCP Query User{019F574D-B542-4FD5-A4CF-09815D8E4DB7}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{154C01A2-0FEE-47C7-A12B-D5C01C1239C8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{94A0B690-C76A-470D-8707-833809743274}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{9ACAF55F-9672-4B44-9B11-3C94203B0B03}C:\program files\microprose\risiko ii\riskii.icd" = protocol=6 | dir=in | app=c:\program files\microprose\risiko ii\riskii.icd | "TCP Query User{C7429DE0-B195-4A63-B47A-4593AFC9F3AB}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{FA0841A9-42AB-4F2A-A39E-5D26753C492B}C:\users\sommer\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sommer\program files\dna\btdna.exe | "UDP Query User{008CD2E9-47A1-4E4D-B877-34115D6E0459}C:\program files\microprose\risiko ii\riskii.icd" = protocol=17 | dir=in | app=c:\program files\microprose\risiko ii\riskii.icd | "UDP Query User{14480D39-44D2-4461-94EB-2E699DF49CB3}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{3096F6D1-E3E9-48A3-A6E8-554C1F61F5AC}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{3F26720A-D46F-43A5-9227-F31ED52E16C0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query 
User{577AB4F1-4743-43A5-BCA1-9B1FD74BDFA6}C:\users\sommer\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sommer\program files\dna\btdna.exe | "UDP Query User{5CEC4972-6EEE-4883-AD3A-5FEFB25B6B52}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0590BB91-B280-4BAB-95D7-D6558117D27C}" = SA304x Device Manager "{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA304x Media Converter "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8FF800ED-97BB-4F68-AC79-A3CD20496157}" = SchoolDays "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard 
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B72CF634-2F89-478A-86E7-96F80CDAF284}" = SA304x Media Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"RealAlt_is1" = Real Alternative 1.9.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22.05.2010 09:19:14 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.05.2010 09:19:55 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 23.05.2010 08:27:15 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Icv.exe, Version 0.0.0.0, Zeitstempel 0x4a19d3f2, fehlerhaftes Modul msvcrt.dll, Version 7.0.6001.18000, Zeitstempel 0x4791a727, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a1b4, Prozess-ID 0x44c, Anwendungsstartzeit 01cafa7345fbde09.

Error - 23.05.2010 08:27:17 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Icw.exe, Version 0.0.0.0, Zeitstempel 0x49b6f3e3, fehlerhaftes Modul MSVCRT.DLL, Version 7.0.6001.18000, Zeitstempel 0x4791a727, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a1b4, Prozess-ID 0x7a8, Anwendungsstartzeit 01cafa7347c81289.

Error - 23.05.2010 09:36:57 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.05.2010 09:36:57 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.05.2010 09:37:13 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 23.05.2010 15:46:54 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.05.2010 15:46:54 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.05.2010 15:48:10 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

< End of report >
25.05.2010, 19:53 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | sdra64.exe

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\Sommer\AppData\Local\Temp\idiox5j.exe File not found
O33 - MountPoints2\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\Shell - "" = AutoRun
O33 - MountPoints2\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\Shell\AutoRun\command - "" = F:\BOOT.EXE -- File not found
O33 - MountPoints2\{94d78459-ca00-11de-bda1-00225f5c4026}\Shell - "" = AutoRun
O33 - MountPoints2\{94d78459-ca00-11de-bda1-00225f5c4026}\Shell\AutoRun\command - "" = F:\BOOT.EXE -- File not found
[2010.05.24 11:25:21 | 000,000,000 | ---D | C] -- C:\Users\Sommer\AppData\Local\DNA
[2010.05.24 11:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sommer\AppData\Roaming\DNA
[2010.05.24 00:01:30 | 000,000,000 | -HSD | C] -- C:\Users\Sommer\AppData\Roaming\lowsec
[2010.05.24 14:58:54 | 000,000,256 | -H-- | M] () -- C:\Windows\System32\LTAW14FN.BIN
[2010.05.24 14:58:54 | 000,000,256 | -H-- | M] () -- C:\Windows\System32\FJLTAFOU.BIN
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open once you click OK after the fix; please post it. The computer may be restarted.
25.05.2010, 21:36 | #7
sdra64.exe

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hsfe8owijfisjhgs7ye39gjsoighsd7y3eu deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\ not found.
File F:\BOOT.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94d78459-ca00-11de-bda1-00225f5c4026}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94d78459-ca00-11de-bda1-00225f5c4026}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94d78459-ca00-11de-bda1-00225f5c4026}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94d78459-ca00-11de-bda1-00225f5c4026}\ not found.
File F:\BOOT.EXE not found.
C:\Users\Sommer\AppData\Local\DNA\Cache folder moved successfully.
C:\Users\Sommer\AppData\Local\DNA folder moved successfully.
C:\Users\Sommer\AppData\Roaming\DNA folder moved successfully.
C:\Users\Sommer\AppData\Roaming\lowsec folder moved successfully.
C:\Windows\System32\LTAW14FN.BIN moved successfully.
C:\Windows\System32\FJLTAFOU.BIN moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sommer
->Temp folder emptied: 3687568 bytes
->Temporary Internet Files folder emptied: 165006075 bytes
->FireFox cache emptied: 45876418 bytes
->Flash cache emptied: 41636 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6211614882 bytes
RecycleBin emptied: 11101 bytes

Total Files Cleaned = 6.129,00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05252010_222616

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
26.05.2010, 09:01 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | sdra64.exe

OK, then continue now with CF: ComboFix
A guide and tutorial on using ComboFix

ComboFix may only be run when an expert helper has explicitly recommended it!
__________________
Please always post logfiles in CODE tags
26.05.2010, 12:43 | #9
sdra64.exe

I assumed I could ignore that part if it wasn't suggested.

Code:
ComboFix 10-05-25.03 - Sommer 26.05.2010 12:41:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2908.1856 [GMT 2:00]
ausgeführt von:: c:\users\Sommer\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Sommer\AppData\Roaming\020000006ac3f672922C.manifest
c:\users\Sommer\AppData\Roaming\020000006ac3f672922O.manifest
c:\users\Sommer\AppData\Roaming\020000006ac3f672922P.manifest
c:\users\Sommer\AppData\Roaming\020000006ac3f672922S.manifest

----- BITS: Eventuell infizierte Webseiten -----

hxxp://bike-alm.de
hxxp://solaruploader.net
.
((((((((((((((((((((((( Dateien erstellt von 2010-04-26 bis 2010-05-26 ))))))))))))))))))))))))))))))
.

2010-05-26 10:20 . 2010-05-26 10:20 -------- d-----w- c:\program files\CCleaner
2010-05-25 20:30 . 2010-05-26 10:38 -------- d-----w- c:\users\Sommer\AppData\Roaming\DNA
2010-05-25 20:30 . 2010-05-25 20:30 -------- d-----w- c:\users\Sommer\AppData\Local\DNA
2010-05-25 20:26 . 2010-05-25 20:26 -------- d-----w- C:\_OTL
2010-05-25 12:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-25 12:42 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-24 17:44 . 2010-05-24 17:44 -------- d-----w- C:\rsit
2010-05-24 17:44 . 2010-05-24 17:44 -------- d-----w- c:\program files\trend micro
2010-05-24 16:46 . 2010-05-24 16:46 -------- d-----w- c:\users\Sommer\AppData\Roaming\Malwarebytes
2010-05-24 16:45 . 2010-05-25 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 16:45 . 2010-05-24 16:45 -------- d-----w- c:\programdata\Malwarebytes
2010-05-24 13:13 . 2010-05-24 13:13 -------- d-----w- c:\users\Sommer\AppData\Roaming\Fujitsu
2010-05-24 13:13 . 2010-05-24 13:13 -------- d-----w- c:\users\Sommer\AppData\Local\Fujitsu
2010-05-17 13:42 . 2010-05-23 22:18 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-17 13:42 . 2010-05-17 13:39 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-17 13:41 . 2010-05-17 13:43 -------- d-----w- c:\users\Sommer\AppData\Roaming\DivX
2010-05-17 13:39 . 2010-05-23 22:17 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-17 13:39 . 2010-05-23 22:18 -------- d-----w- c:\programdata\DivX
2010-05-12 14:05 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-01 06:38 . 2008-03-17 13:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2010-05-01 06:34 . 2010-05-01 06:34 -------- d-----w- c:\users\Sommer\AppData\Roaming\Nero
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 10:46 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-05-26 10:46 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat
2010-05-26 10:00 . 2009-10-07 18:29 680 ----a-w- c:\users\Sommer\AppData\Local\d3d9caps.dat
2010-05-24 17:01 . 2009-03-27 15:26 71528 ----a-w- c:\users\Sommer\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-24 16:19 . 2009-09-01 22:28 -------- d-----w- c:\users\Sommer\AppData\Roaming\BitTorrent
2010-05-24 16:19 . 2009-09-28 15:24 -------- d-----w- c:\users\Sommer\AppData\Roaming\GetRightToGo
2010-05-24 16:19 . 2009-03-29 00:12 -------- d-----w- c:\users\Sommer\AppData\Roaming\Template
2010-05-24 16:19 . 2009-09-01 22:26 -------- d-----w- c:\users\Sommer\AppData\Roaming\uTorrent
2010-05-24 09:59 . 2009-09-29 17:58 53248 ----a-r- c:\users\Sommer\AppData\Roaming\Microsoft\Installer\{8FF800ED-97BB-4F68-AC79-A3CD20496157}\NewShortcut3_8FF800ED97BB4F68AC79A3CD20496157.exe
2010-05-24 09:59 . 2009-09-29 17:58 53248 ----a-r- c:\users\Sommer\AppData\Roaming\Microsoft\Installer\{8FF800ED-97BB-4F68-AC79-A3CD20496157}\NewShortcut2_8FF800ED97BB4F68AC79A3CD20496157.exe
2010-05-24 09:59 . 2009-09-29 17:58 53248 ----a-r- c:\users\Sommer\AppData\Roaming\Microsoft\Installer\{8FF800ED-97BB-4F68-AC79-A3CD20496157}\NewShortcut1_8FF800ED97BB4F68AC79A3CD20496157.exe
2010-05-24 09:59 . 2009-09-29 17:58 10134 ----a-r- c:\users\Sommer\AppData\Roaming\Microsoft\Installer\{8FF800ED-97BB-4F68-AC79-A3CD20496157}\ARPPRODUCTICON.exe
2010-05-23 22:18 . 2009-04-04 08:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-13 01:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 01:01 . 2008-10-10 13:25 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-03 08:34 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 16:23 . 2009-09-10 16:30 -------- d-----w- c:\programdata\PMB Files
2010-05-02 08:58 . 2009-03-27 19:40 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-01 06:39 . 2008-10-10 13:20 -------- d-----w- c:\programdata\Nero
2010-05-01 06:39 . 2008-10-10 13:20 -------- d-----w- c:\program files\Common Files\Nero
2010-05-01 06:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-04-12 16:18 . 2009-04-18 18:12 -------- d-----w- c:\users\Sommer\AppData\Roaming\.anki
2010-04-08 21:52 . 2010-04-08 21:52 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-04-07 02:29 . 2009-03-27 18:32 8146 ----a-w- c:\users\Sommer\AppData\Roaming\wklnhst.dat
2010-04-03 20:52 . 2010-04-03 20:58 258352 ----a-w- c:\windows\system32\unicows.dll
2010-04-01 12:35 . 2010-04-01 12:35 -------- d-----w- c:\users\Sommer\AppData\Roaming\NeopleLauncherDFO
2010-03-09 16:28 . 2010-03-30 23:23 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-30 23:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-30 23:23 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-04 18:54 . 2010-04-14 14:24 430080 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"fsc-reg"="c:\fsc-reg\fscreg.exe" [2008-08-01 380688]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-01 2937528]
"BitTorrent DNA"="c:\users\Sommer\Program Files\DNA\btdna.exe" [2010-04-01 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\fsc-reg\fscreg.exe" [2008-08-01 380688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-05 691696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-18 2769658]
R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x]
R3 XDva295;XDva295;c:\windows\system32\XDva295.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 FSCLBaseUpdaterService;FSCLBaseUpdaterService;c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-06-26 337920]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {CA38EC3E-4521-4876-B18E-8C3D9B92694C} - hxxp://ongamenet.com/uploadfiles/service/module/OGNChatModule.cab
FF - ProfilePath - c:\users\Sommer\AppData\Roaming\Mozilla\Firefox\Profiles\ikjg0ue5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\users\Sommer\Program Files\DNA\plugins\npbtdna.dll
FF - plugin: c:\users\Sommer\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-26 13:13
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Zeit der Fertigstellung: 2010-05-26 13:15:49
ComboFix-quarantined-files.txt 2010-05-26 11:15

Vor Suchlauf: 13 Verzeichnis(se), 42.052.046.848 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 41.581.785.088 Bytes frei

- - End Of File - - 694601B03494981F95A6A9BB46E7C748
26.05.2010, 17:57 | #11
sdra64.exe

GMER Logfile:

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-26 18:25:30
Windows 6.0.6001 Service Pack 1
Running: 7ix0mhve.exe; Driver: C:\Users\Sommer\AppData\Local\Temp\uxryqpoc.sys


---- System - GMER 1.0.15 ----

SSDT A83F5D34 ZwCreateThread
SSDT A83F5D20 ZwOpenProcess
SSDT A83F5D25 ZwOpenThread
SSDT A83F5D2F ZwTerminateProcess

INT 0x72 ? 8627EBF8
INT 0x82 ? 8627EBF8
INT 0x92 ? 84646BF8
INT 0x92 ? 84646BF8
INT 0x92 ? 84646BF8
INT 0x92 ? 84646BF8
INT 0x92 ? 8627EBF8
INT 0x92 ? 8627EBF8
INT 0x92 ? 8627EBF8
INT 0x92 ? 84646BF8
INT 0xA2 ? 8627EBF8
INT 0xB2 ? 8627EBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 454 82300B18 4 Bytes [34, 5D, 3F, A8]
.text ntkrnlpa.exe!KeSetTimerEx + 624 82300CE8 4 Bytes [20, 5D, 3F, A8]
.text ntkrnlpa.exe!KeSetTimerEx + 640 82300D04 4 Bytes [25, 5D, 3F, A8]
.text ntkrnlpa.exe!KeSetTimerEx + 854 82300F18 4 Bytes [2F, 5D, 3F, A8]
? System32\Drivers\spss.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8E5D446F 5 Bytes JMP 8627E1D8
.text a1jp5hta.SYS 8A17D000 22 Bytes [26, C2, 21, 82, 10, C1, 21, ...]
.text a1jp5hta.SYS 8A17D017 181 Bytes [00, 32, A7, 78, 80, 3D, A5, ...]
.text a1jp5hta.SYS 8A17D0CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text a1jp5hta.SYS 8A17D0DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text a1jp5hta.SYS 8A17D0E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1816] kernel32.dll!SetUnhandledExceptionFilter 76866E2D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068E6D6] \SystemRoot\System32\Drivers\spss.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068E042] \SystemRoot\System32\Drivers\spss.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068E800] \SystemRoot\System32\Drivers\spss.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068E0C0] \SystemRoot\System32\Drivers\spss.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068E13E] \SystemRoot\System32\Drivers\spss.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069DB90] \SystemRoot\System32\Drivers\spss.sys
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortWritePortUchar] 838A1A3F
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8A1A10
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\a1jp5hta.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 854061F8
Device \FileSystem\fastfat \FatCdrom 8705D500
Device \Driver\volmgr \Device\VolMgrControl 846481F8
Device \Driver\usbuhci \Device\USBPDO-0 8630C1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{1CBCFD11-E818-43B0-B559-B1218B3299E8} 86A19500
Device \Driver\usbuhci \Device\USBPDO-1 8630C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8630C1F8
Device \Driver\usbehci \Device\USBPDO-3 861901F8
Device \Driver\usbuhci \Device\USBPDO-4 8630C1F8
Device \Driver\usbuhci \Device\USBPDO-5 8630C1F8
Device \Driver\usbuhci \Device\USBPDO-6 8630C1F8
Device \Driver\volmgr \Device\HarddiskVolume1 846481F8
Device \Driver\usbehci \Device\USBPDO-7 861901F8
Device \Driver\volmgr \Device\HarddiskVolume2 846481F8
Device \Driver\cdrom \Device\CdRom0 8628A1F8
Device \Driver\volmgr \Device\HarddiskVolume3 846481F8
Device \Driver\cdrom \Device\CdRom1 8628A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854041F8
Device \Driver\atapi \Device\Ide\IdePort0 854041F8
Device \Driver\atapi \Device\Ide\IdePort1 854041F8
Device \Driver\atapi \Device\Ide\IdePort2 854041F8
Device \Driver\atapi \Device\Ide\IdePort3 854041F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854041F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 854051F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 854051F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 854051F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 854051F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0E914C0A-0899-4E6D-8671-13B2FE1F3BA6} 86A19500
Device \Driver\netbt \Device\NetBt_Wins_Export 86A19500
Device \Driver\Smb \Device\NetbiosSmb 86B8C1F8
Device \Driver\PCI_PNP2936 \Device\0000004e spss.sys
Device \Driver\iScsiPrt \Device\RaidPort0 862971F8
Device \Driver\usbuhci \Device\USBFDO-0 8630C1F8
Device \Driver\usbuhci \Device\USBFDO-1 8630C1F8
Device \Driver\sptd \Device\1412044948 spss.sys
Device \Driver\usbuhci \Device\USBFDO-2 8630C1F8
Device \Driver\usbehci \Device\USBFDO-3 861901F8
Device \Driver\usbuhci \Device\USBFDO-4 8630C1F8
Device \Driver\usbuhci \Device\USBFDO-5 8630C1F8
Device \Driver\usbuhci \Device\USBFDO-6 8630C1F8
Device \Driver\usbehci \Device\USBFDO-7 861901F8
Device \Driver\a1jp5hta \Device\Scsi\a1jp5hta1Port5Path0Target0Lun0 863CE500
Device \Driver\a1jp5hta \Device\Scsi\a1jp5hta1 863CE500
Device \FileSystem\fastfat \Fat 8705D500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 84ECF1F8

---- Threads - GMER 1.0.15 ----

Thread System [4:2160] A9B628C8
Thread System [4:2164] A9B628C8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0x85 0x21 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x05 0x73 0xF5 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x37 0x40 0x48 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0xFE 0x2B 0x85 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x05 0x73 0xF5 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x37 0x40 0x48 0x77 ...

---- EOF - GMER 1.0.15 ----

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:46:03 on 26.05.2010
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.9

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a1jp5hta" (a1jp5hta) - "Microsoft Corporation" - C:\Windows\system32\drivers\a1jp5hta.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Sommer\AppData\Local\Temp\catchme.sys (File not found)
"EagleNT" (EagleNT) - ? - C:\Users\Sommer\AppData\Local\Temp\EagleNT.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"Player Recovery Device Control Driver" (StMp3Rec) - "Generic" - C:\Windows\System32\Drivers\StMp3Rec.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"uxryqpoc" (uxryqpoc) - ? - C:\Users\Sommer\AppData\Local\Temp\uxryqpoc.sys (Hidden registry entry, rootkit activity | File not found)
"XDva285" (XDva285) - ? - C:\Windows\system32\XDva285.sys (File not found)
"XDva295" (XDva295) - ? - C:\Windows\system32\XDva295.sys (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CA38EC3E-4521-4876-B18E-8C3D9B92694C} "OGNChatModule Control" - "(주)온게임네트워크" - C:\Windows\DOWNLO~1\OGNCHA~1.OCX / hxxp://ongamenet.com/uploadfiles/service/module/OGNChatModule.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "{DBC80044-A445-435b-BC74-9C25C1C588A9}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Sommer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BitTorrent DNA" - "BitTorrent, Inc." - "C:\Users\Sommer\Program Files\DNA\btdna.exe"
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"fsc-reg" - "Fujitsu Siemens" - C:\fsc-reg\fscreg.exe 20100522
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Pando Media Booster" - ? - C:\Program Files\Pando Networks\Media Booster\PMB.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"FSC OSD Utility" - "Quanta Computer Inc." - c:\PROGRA~1\FSCOSD~1\OSDUTI~1.EXE
"FSCRecovery" - "Fujitsu Siemens Computers GmbH" - c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
" Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FSCLBaseUpdaterService" (FSCLBaseUpdaterService) - ?
- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
26.05.2010, 18:57 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sdra64.exe That looks OK as well. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
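As an added example (not code from the thread, its author or the OSAM tool), a small triage pass over entries in the autorun log format posted above: it flags the kinds of lines a helper checks first, such as an unknown vendor, a missing file, a binary under a user-writable path, and the scanner's own "Hidden registry entry" note. The sample lines are constructed in that format; the uxryqpoc line mirrors the one in the posted log.

```python
# Triage helper for OSAM-style autorun log entries (added example, not the forum's or
# the OSAM tool's code). Entry shape:  "Name" (Key) - "Vendor" - C:\x\y.sys (note)
import re
from typing import NamedTuple

ENTRY_RE = re.compile(
    r'^(?:\{[^}]*\}\s+)?"(?P<name>[^"]*)"'  # optional CLSID, then the display name
    r'(?:\s+\([^()]*\))?'                   # optional service/driver key (ignored)
    r'\s+-\s+(?P<vendor>"[^"]*"|\?)'        # vendor in quotes, or ? when unknown
    r'\s+-\s*(?P<path>.*?)'                 # file path, possibly empty
    r'(?:\s*\((?P<note>[^()]*)\))?\s*$')    # optional status note at line end
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users)\\", re.I)  # rarely a legit driver home

class Entry(NamedTuple):
    name: str
    vendor: str  # empty when the log printed "?"
    path: str
    note: str

def parse_entry(line: str):
    """Return an Entry, or None for section headers such as -----( ... )-----."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    vendor = "" if m["vendor"] == "?" else m["vendor"].strip('"')
    return Entry(m["name"], vendor, m["path"].strip().strip('"'), m["note"] or "")

def triage(e: Entry) -> list:
    """Reasons an entry deserves a closer look; an empty list means nothing stood out."""
    reasons, note = [], e.note.lower()
    if "hidden registry entry" in note or "rootkit" in note:
        reasons.append("scanner reports hidden registry entry / rootkit activity")
    if USER_WRITABLE.search(e.path):
        reasons.append("binary lives under a user-writable path")
    if not e.vendor and "file not found" in note:
        reasons.append("orphaned entry: unknown vendor and file missing")
    elif not e.vendor and e.path:
        reasons.append("present file with no vendor information")
    return reasons

def triage_log(text: str) -> dict:
    """Map entry name -> reasons for every entry that raised at least one."""
    entries = filter(None, map(parse_entry, text.splitlines()))
    return {e.name: r for e in entries if (r := triage(e))}

# Constructed sample in the log's format; the uxryqpoc line mirrors the one in the thread.
SAMPLE_LOG = r'''-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"uxryqpoc" (uxryqpoc) - ? - C:\Users\Sommer\AppData\Local\Temp\uxryqpoc.sys (Hidden registry entry, rootkit activity | File not found)
"XDva285" (XDva285) - ? - C:\Windows\system32\XDva285.sys (File not found)
"BitTorrent DNA" - "BitTorrent, Inc." - "C:\Users\Sommer\Program Files\DNA\btdna.exe"'''
```

The ranking is a starting point for a human reviewer, not a verdict: a user-profile path or a missing vendor string is common for legitimate software too.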
26.05.2010, 23:20 | #13 |
| sdra64.exe Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4145

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18702

26.05.2010 21:33:19
mbam-log-2010-05-26 (21-33-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 217027
Laufzeit: 1 Stunde(n), 4 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 05/27/2010 bei 00:11 AM

Version der Applikation : 4.37.1000

Version der Kern-Datenbank : 4992
Version der Spur-Datenbank : 2804

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:57:27

Gescannte Speicherelemente : 623
Erfasste Speicher-Bedrohungen : 0

Gescannte Register-Elemente : 5611
Erfasste Register-Bedrohungen : 0

Gescannte Datei-Elemente : 162713
Erfasste Datei-Elemente : 0 |
27.05.2010, 18:34 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sdra64.exe Very good, no findings. Once the computer is running normally again, please be sure to check for updates; you are missing at least SP2 for Vista!

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update your PDF reader
Your Adobe Reader is out of date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
27.05.2010, 22:12 | #15 |
| sdra64.exe Will do, and a heartfelt thanks, Mr. Adjacent/Hypotenuse. ^^ Oh, and which of the programs should I keep? Malwarebytes in addition to my AntiVir? |