| |
| |||||||
Log-Analyse und Auswertung: Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F !Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
11.10.2010, 00:05
| #16 |
 |  Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! Nun habe ich heute, obwohl vor ein paar Tagen nichts gefunden wurde, wieder einen JavaExploit durch Security Essentials gefunden... SASW und Malwarebytes haben nichts gefunden... Object: Exploit:Java/CVE-2010-0094.J containerfile:C:\Users\Markus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\50fe1a02-43792c3f file:C:\Users\Markus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\50fe1a02-43792c3f->a02cca0dac6.class HiJack-This-Log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:04:54, on 11.10.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Markus\Desktop\HiJackThis204.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 4235 bytes danke |
|
11.10.2010, 00:11
| #17 |
| | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! OTL-Logs
__________________Code:
ATTFilter OTL logfile created on: 11.10.2010 01:09:03 - Run 3 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Markus\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 107,42 Gb Total Space | 75,62 Gb Free Space | 70,40% Space Free | Partition Type: NTFS Drive D: | 38,10 Gb Total Space | 1,54 Gb Free Space | 4,05% Space Free | Partition Type: NTFS Drive E: | 51,38 Gb Total Space | 0,84 Gb Free Space | 1,64% Space Free | Partition Type: NTFS Drive F: | 205,08 Gb Total Space | 139,96 Gb Free Space | 68,25% Space Free | Partition Type: NTFS Drive G: | 38,10 Gb Total Space | 8,77 Gb Free Space | 23,01% Space Free | Partition Type: NTFS Drive H: | 16,97 Gb Total Space | 0,67 Gb Free Space | 3,92% Space Free | Partition Type: NTFS Drive I: | 48,83 Gb Total Space | 9,30 Gb Free Space | 19,05% Space Free | Partition Type: NTFS Drive J: | 48,83 Gb Total Space | 48,75 Gb Free Space | 99,82% Space Free | Partition Type: NTFS Drive K: | 107,42 Gb Total Space | 102,61 Gb Free Space | 95,52% Space Free | Partition Type: NTFS Drive L: | 278,72 Gb Total Space | 20,71 Gb Free Space | 7,43% Space Free | Partition Type: NTFS Drive M: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARKUS-PC Current User Name: Markus Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Users\Markus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\Markus\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D 70 9A 1C 71 66 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 01:31:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.09 14:23:36 | 000,000,000 | ---D | M] [2009.12.05 14:14:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions [2010.10.10 23:33:09 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\6qbgrghf.default\extensions [2010.05.27 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\6qbgrghf.default\extensions\eafo3fflauncher@ea.com [2010.07.21 14:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.07.16 01:54:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.16 01:54:27 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.14 01:47:18 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 01:47:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.14 01:47:18 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 01:47:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 01:47:18 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.11.11 23:18:15 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - M:\AutoRun -- [ UDF ] O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - M:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - M:\autorun.dat -- [ UDF ] O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - M:\autorun.inf -- [ UDF ] O33 - MountPoints2\{446e6145-e194-11de-b510-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{446e6145-e194-11de-b510-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.09 14:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010.10.09 14:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010.10.09 14:22:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.10.01 14:12:15 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\FIFA 11 [2010.10.01 14:11:14 | 000,000,000 | RH-D | C] -- C:\Users\Markus\AppData\Roaming\SecuROM [2010.10.01 12:38:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Leadertech [2010.09.29 12:25:09 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2010.09.29 12:17:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.09.20 00:01:59 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\LucasArts [2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.11 01:09:43 | 002,359,296 | -HS- | M] () -- C:\Users\Markus\NTUSER.DAT [2010.10.10 12:47:32 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.10 12:47:32 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.10 12:40:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.10 12:40:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.10 12:39:58 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2010.10.10 02:14:52 | 000,054,280 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2010.10.10 02:14:52 | 000,054,280 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2010.10.10 02:14:52 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2010.10.10 02:14:27 | 010,101,178 | -H-- | M] () -- C:\Users\Markus\AppData\Local\IconCache.db [2010.10.09 14:23:36 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.03 22:38:30 | 000,194,065 | ---- | M] () -- C:\Users\Markus\Documents\ts3_clientui-win32-12451-2010-10-03 22_38_27.708984.dmp [2010.10.01 14:10:59 | 000,001,092 | ---- | M] () -- C:\Users\Markus\Desktop\FIFA 11.lnk [2010.09.29 15:43:26 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.09.29 15:43:17 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.09.29 02:17:57 | 000,005,775 | ---- | M] () -- C:\Users\Markus\.recently-used.xbel [2010.09.27 20:12:40 | 000,123,978 | ---- | M] () -- C:\Users\Markus\Documents\caguild.png [2010.09.27 20:08:42 | 000,012,761 | ---- | M] () -- C:\Users\Markus\Documents\bg.png [2010.09.27 20:08:26 | 000,210,167 | ---- | M] () -- C:\Users\Markus\Documents\bg.xcf [2010.09.27 19:52:36 | 000,127,983 | ---- | M] () -- C:\Users\Markus\Documents\ca.png [2010.09.24 22:09:44 | 023,760,428 | ---- | M] () -- C:\Users\Markus\Desktop\ts3_recording_10_09_24_22_2_55.wav [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.09 14:23:36 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.03 22:38:27 | 000,194,065 | ---- | C] () -- C:\Users\Markus\Documents\ts3_clientui-win32-12451-2010-10-03 22_38_27.708984.dmp [2010.10.01 14:10:59 | 000,001,092 | ---- | C] () -- C:\Users\Markus\Desktop\FIFA 11.lnk [2010.09.29 02:17:57 | 000,005,775 | ---- | C] () -- C:\Users\Markus\.recently-used.xbel [2010.09.27 20:12:40 | 000,123,978 | ---- | C] () -- C:\Users\Markus\Documents\caguild.png [2010.09.27 20:08:42 | 000,012,761 | ---- | C] () -- C:\Users\Markus\Documents\bg.png [2010.09.27 20:08:26 | 000,210,167 | ---- | C] () -- C:\Users\Markus\Documents\bg.xcf [2010.09.27 19:52:36 | 000,127,983 | ---- | C] () -- C:\Users\Markus\Documents\ca.png [2010.09.24 22:02:57 | 023,760,428 | ---- | C] () -- C:\Users\Markus\Desktop\ts3_recording_10_09_24_22_2_55.wav [2010.07.03 19:22:26 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.07.03 19:22:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.06.11 20:12:24 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2010.06.11 20:12:24 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2010.06.11 20:12:24 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.12.30 20:03:49 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.12.05 14:28:35 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.12.05 14:28:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.12.05 14:28:05 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL [2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.09.28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll [2009.05.27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini [2004.08.13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys < End of report > |
|
11.10.2010, 09:38
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! Sieht unauffällig aus. Warst Du auf bestimmten/dubiosen Seiten als die Meldungen über den Java-Cache kamen? Java ist aktuell bei Dir?
__________________
__________________ |
|
11.10.2010, 17:28
| #19 |
| | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! ja 6 21 gruß |
|
11.10.2010, 17:29
| #20 |
| | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! das war aber das zweite mal, wie du an den alten posts siehst... warum kommt sowas aber vor? gruß |
|
11.10.2010, 19:55
| #21 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F !Zitat:
__________________ --> Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! |
|
12.10.2010, 12:58
| #22 |
| | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! Was ist denn bitte heute noch als seriös zu bezeichnen. Bei so gut wie jeder Seite werden Popups von irgend welchen "Love-Finder"-Seiten reingeschoben, welche kein Popupblocker blockieren kann... Ich überprüfe fast jeden 2. Tag meinen PC und hab einmal auf so ein Popup geklickt von sonem Lovefinderdringens... vllt. stammt das Teil von da. Muss ich aber noch irgendwelche Vorkehrungen treffen bzw. war die Javaversion aktuell genug ums zu blocken?? gruß |
|
12.10.2010, 13:34
| #23 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F !Zitat:
Halte Dich am besten auch grob an diese fünf Regeln: 1) Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!! 2) Halte Windows und alle verwendeten Programme immer aktuell 3) Führe regelmäßig Backups auf externe Medien durch 4) Arbeite mit eingeschränkten Rechten 5) Nutze sichere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.10.2010, 15:40
| #24 |
| | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! Hmm... ich habe mir angeblich schon wieder einen JavaExploit eingefangen, diesmal CVE-2009-3867.LS Wo kommt der scheiß andauernd her? die Datei wurde sogar schon am 08.10. erstellt. Ich habe meine Javaversion grad überprüft und musste feststellen, dass ich 6 Update 21 habe... warum updatet sich das bitte nicht automatisch? hat das jetzt iwas angreifen können? Die Datei wurde angeblich schon wie o.g. erstellt aber damals machte ich einen Suchlauf und da war die Datei nicht infiziert... HijackThis Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:37:08, on 19.10.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Markus\Desktop\HiJackThis204.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 4235 bytes Code:
ATTFilter OTL logfile created on: 19.10.2010 16:39:14 - Run 4 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Markus\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 107,42 Gb Total Space | 76,58 Gb Free Space | 71,29% Space Free | Partition Type: NTFS Drive D: | 38,10 Gb Total Space | 1,54 Gb Free Space | 4,05% Space Free | Partition Type: NTFS Drive E: | 51,38 Gb Total Space | 0,84 Gb Free Space | 1,64% Space Free | Partition Type: NTFS Drive F: | 205,08 Gb Total Space | 153,23 Gb Free Space | 74,72% Space Free | Partition Type: NTFS Drive G: | 38,10 Gb Total Space | 8,77 Gb Free Space | 23,01% Space Free | Partition Type: NTFS Drive H: | 16,97 Gb Total Space | 0,67 Gb Free Space | 3,92% Space Free | Partition Type: NTFS Drive I: | 48,83 Gb Total Space | 9,30 Gb Free Space | 19,05% Space Free | Partition Type: NTFS Drive J: | 48,83 Gb Total Space | 48,75 Gb Free Space | 99,82% Space Free | Partition Type: NTFS Drive K: | 107,42 Gb Total Space | 102,61 Gb Free Space | 95,52% Space Free | Partition Type: NTFS Drive L: | 278,72 Gb Total Space | 49,43 Gb Free Space | 17,73% Space Free | Partition Type: NTFS Drive M: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARKUS-PC Current User Name: Markus Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Users\Markus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Users\Markus\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\srvcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\slc.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D 70 9A 1C 71 66 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 01:31:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.09 14:23:36 | 000,000,000 | ---D | M] [2009.12.05 14:14:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions [2010.10.18 17:29:50 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\6qbgrghf.default\extensions [2010.05.27 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\6qbgrghf.default\extensions\eafo3fflauncher@ea.com [2010.07.21 14:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.07.16 01:54:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.16 01:54:27 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.14 01:47:18 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 01:47:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.14 01:47:18 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 01:47:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 01:47:18 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.11.11 23:18:15 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - M:\AutoRun -- [ UDF ] O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - M:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - M:\autorun.dat -- [ UDF ] O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - M:\autorun.inf -- [ UDF ] O33 - MountPoints2\{446e6145-e194-11de-b510-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{446e6145-e194-11de-b510-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.13 08:15:01 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.13 08:15:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.13 08:15:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.13 08:15:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.13 08:15:00 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.13 08:15:00 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.13 08:15:00 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.13 08:15:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.13 08:15:00 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.13 08:15:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.13 08:15:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.13 08:13:24 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.13 08:13:24 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.13 07:51:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.13 07:47:53 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.13 07:47:13 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.13 07:46:51 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.13 07:45:54 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll [2010.10.09 14:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010.10.09 14:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010.10.01 14:12:15 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\FIFA 11 [2010.10.01 14:11:14 | 000,000,000 | RH-D | C] -- C:\Users\Markus\AppData\Roaming\SecuROM [2010.10.01 12:38:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Leadertech [2010.09.29 12:25:09 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2010.09.29 12:17:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.09.20 00:01:59 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\LucasArts [2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.19 16:39:29 | 002,359,296 | -HS- | M] () -- C:\Users\Markus\NTUSER.DAT [2010.10.19 13:02:33 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.19 13:02:33 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.19 12:55:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.19 12:54:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.19 12:54:55 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2010.10.19 02:27:29 | 000,054,280 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2010.10.19 02:27:29 | 000,054,280 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2010.10.19 02:27:29 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2010.10.19 02:27:06 | 002,104,396 | -H-- | M] () -- C:\Users\Markus\AppData\Local\IconCache.db [2010.10.14 21:58:11 | 000,058,368 | ---- | M] () -- C:\Users\Markus\Desktop\ZUSAMMENFASSUNG KA1.doc [2010.10.13 12:07:37 | 000,286,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.13 09:55:08 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.10.12 17:26:23 | 000,000,727 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk [2010.10.09 14:23:36 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.03 22:38:30 | 000,194,065 | ---- | M] () -- C:\Users\Markus\Documents\ts3_clientui-win32-12451-2010-10-03 22_38_27.708984.dmp [2010.10.01 14:10:59 | 000,001,092 | ---- | M] () -- C:\Users\Markus\Desktop\FIFA 11.lnk [2010.09.29 15:43:26 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.09.29 15:43:17 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.09.29 02:17:57 | 000,005,775 | ---- | M] () -- C:\Users\Markus\.recently-used.xbel [2010.09.27 20:12:40 | 000,123,978 | ---- | M] () -- C:\Users\Markus\Documents\caguild.png [2010.09.27 20:08:42 | 000,012,761 | ---- | M] () -- C:\Users\Markus\Documents\bg.png [2010.09.27 20:08:26 | 000,210,167 | ---- | M] () -- C:\Users\Markus\Documents\bg.xcf [2010.09.27 19:52:36 | 000,127,983 | ---- | M] () -- C:\Users\Markus\Documents\ca.png [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.14 21:57:56 | 000,058,368 | ---- | C] () -- C:\Users\Markus\Desktop\ZUSAMMENFASSUNG KA1.doc [2010.10.12 15:19:39 | 000,000,727 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk [2010.10.12 14:44:40 | 000,003,838 | ---- | C] () -- C:\ProgramData\driverinfo.txt [2010.10.09 14:23:36 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.03 22:38:27 | 000,194,065 | ---- | C] () -- C:\Users\Markus\Documents\ts3_clientui-win32-12451-2010-10-03 22_38_27.708984.dmp [2010.10.01 14:10:59 | 000,001,092 | ---- | C] () -- C:\Users\Markus\Desktop\FIFA 11.lnk [2010.09.29 02:17:57 | 000,005,775 | ---- | C] () -- C:\Users\Markus\.recently-used.xbel [2010.09.27 20:12:40 | 000,123,978 | ---- | C] () -- C:\Users\Markus\Documents\caguild.png [2010.09.27 20:08:42 | 000,012,761 | ---- | C] () -- C:\Users\Markus\Documents\bg.png [2010.09.27 20:08:26 | 000,210,167 | ---- | C] () -- C:\Users\Markus\Documents\bg.xcf [2010.09.27 19:52:36 | 000,127,983 | ---- | C] () -- C:\Users\Markus\Documents\ca.png [2010.07.03 19:22:26 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.07.03 19:22:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.06.11 20:12:24 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2010.06.11 20:12:24 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2010.06.11 20:12:24 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.12.30 20:03:49 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.12.05 14:28:35 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.12.05 14:28:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.12.05 14:28:05 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL [2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.09.28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll [2009.05.27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini [2004.08.13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys < End of report > gruß |
|
19.10.2010, 15:41
| #25 |
| | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! Extra-Log Code:
ATTFilter OTL Extras logfile created on: 19.10.2010 16:39:14 - Run 4
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Markus\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 76,58 Gb Free Space | 71,29% Space Free | Partition Type: NTFS
Drive D: | 38,10 Gb Total Space | 1,54 Gb Free Space | 4,05% Space Free | Partition Type: NTFS
Drive E: | 51,38 Gb Total Space | 0,84 Gb Free Space | 1,64% Space Free | Partition Type: NTFS
Drive F: | 205,08 Gb Total Space | 153,23 Gb Free Space | 74,72% Space Free | Partition Type: NTFS
Drive G: | 38,10 Gb Total Space | 8,77 Gb Free Space | 23,01% Space Free | Partition Type: NTFS
Drive H: | 16,97 Gb Total Space | 0,67 Gb Free Space | 3,92% Space Free | Partition Type: NTFS
Drive I: | 48,83 Gb Total Space | 9,30 Gb Free Space | 19,05% Space Free | Partition Type: NTFS
Drive J: | 48,83 Gb Total Space | 48,75 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive K: | 107,42 Gb Total Space | 102,61 Gb Free Space | 95,52% Space Free | Partition Type: NTFS
Drive L: | 278,72 Gb Total Space | 49,43 Gb Free Space | 17,73% Space Free | Partition Type: NTFS
Drive M: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MARKUS-PC
Current User Name: Markus
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Audio-Systemsteuerung
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"Diablo II" = Diablo II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Steam App 2130" = Dark Messiah Might and Magic Multi-Player
"Steam App 220" = Half-Life 2
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 50130" = Mafia II
"Steam App 550" = Left 4 Dead 2
"Steam App 8190" = Just Cause 2
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.2.5
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"World of Warcraft Public Test" = World of Warcraft Public Test
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Puzzle Pirates" = Puzzle Pirates
"SOE-EverQuest II Streaming" = EverQuest II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.10.2010 12:54:46 | Computer Name = Markus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Blizzard Downloader.exe, Version:
2.2.1.1373, Zeitstempel: 0x4cad43a1 Name des fehlerhaften Moduls: Blizzard Downloader.exe,
Version: 2.2.1.1373, Zeitstempel: 0x4cad43a1 Ausnahmecode: 0xc0000417 Fehleroffset:
0x000b7d26 ID des fehlerhaften Prozesses: 0xac8 Startzeit der fehlerhaften Anwendung:
0x01cb6af7553ae32e Pfad der fehlerhaften Anwendung: L:\World of Warcraft\Blizzard
Downloader.exe Pfad des fehlerhaften Moduls: L:\World of Warcraft\Blizzard Downloader.exe
Berichtskennung:
951ca27f-d6ea-11df-9d80-0018f36857aa
Error - 14.10.2010 06:06:04 | Computer Name = Markus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Blizzard Downloader.exe, Version:
2.2.1.1373, Zeitstempel: 0x4cad43a1 Name des fehlerhaften Moduls: Blizzard Downloader.exe,
Version: 2.2.1.1373, Zeitstempel: 0x4cad43a1 Ausnahmecode: 0xc0000417 Fehleroffset:
0x000b7d26 ID des fehlerhaften Prozesses: 0x378 Startzeit der fehlerhaften Anwendung:
0x01cb6b87601e2f76 Pfad der fehlerhaften Anwendung: L:\World of Warcraft\Blizzard
Downloader.exe Pfad des fehlerhaften Moduls: L:\World of Warcraft\Blizzard Downloader.exe
Berichtskennung:
a744a407-d77a-11df-8ffc-0018f36857aa
Error - 14.10.2010 09:26:15 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002
Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 990 Startzeit:
01cb6ba350eebc6c Endzeit: 25 Anwendungspfad: C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe
Berichts-ID:
99aa0e51-d796-11df-8ffc-0018f36857aa
Error - 14.10.2010 10:35:46 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3909 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d88 Startzeit:
01cb6ba543566033 Endzeit: 12 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
5257701d-d7a0-11df-8ffc-0018f36857aa
Error - 14.10.2010 20:51:15 | Computer Name = Markus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Blizzard Downloader.exe, Version:
2.2.1.1373, Zeitstempel: 0x4cad43a1 Name des fehlerhaften Moduls: Blizzard Downloader.exe,
Version: 2.2.1.1373, Zeitstempel: 0x4cad43a1 Ausnahmecode: 0xc0000417 Fehleroffset:
0x000b7d26 ID des fehlerhaften Prozesses: 0xef8 Startzeit der fehlerhaften Anwendung:
0x01cb6c0304761c6b Pfad der fehlerhaften Anwendung: L:\World of Warcraft\Blizzard
Downloader.exe Pfad des fehlerhaften Moduls: L:\World of Warcraft\Blizzard Downloader.exe
Berichtskennung:
4fcde5a1-d7f6-11df-9778-0018f36857aa
Error - 15.10.2010 08:44:50 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.0.1.13164 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 70 Startzeit: 01cb6c668a6b20b8
Endzeit:
0 Anwendungspfad: L:\World of Warcraft\Wow.exe Berichts-ID: eca3f6d7-d859-11df-95bd-0018f36857aa
Error - 15.10.2010 08:44:50 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002
Description = Programm WoW.exe, Version 4.0.1.13164 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 894 Startzeit:
01cb6c640081da04 Endzeit: 0 Anwendungspfad: L:\World of Warcraft\WoW.exe Berichts-ID:
b53a3531-d859-11df-95bd-0018f36857aa
Error - 15.10.2010 08:47:05 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.0.1.13164 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c1c Startzeit:
01cb6c66c1739465 Endzeit: 132 Anwendungspfad: L:\World of Warcraft\Wow.exe Berichts-ID:
4cc85c76-d85a-11df-95bd-0018f36857aa
Error - 16.10.2010 08:28:18 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.0.1.13164 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a08 Startzeit:
01cb6d2675501d22 Endzeit: 0 Anwendungspfad: L:\World of Warcraft\Wow.exe Berichts-ID:
824021fc-d920-11df-9f01-0018f36857aa
Error - 17.10.2010 16:06:29 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3909 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a18 Startzeit:
01cb6e29b466e39e Endzeit: 10 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
04c14c41-da2a-11df-9aab-0018f36857aa
[ Media Center Events ]
Error - 24.07.2010 21:04:27 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0
Description = 03:04:24 - Fehler beim Herstellen der Internetverbindung. 03:04:24
- Serververbindung konnte nicht hergestellt werden..
Error - 24.07.2010 22:04:32 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0
Description = 04:04:31 - Fehler beim Herstellen der Internetverbindung. 04:04:31
- Serververbindung konnte nicht hergestellt werden..
Error - 24.07.2010 23:04:37 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0
Description = 05:04:36 - Fehler beim Herstellen der Internetverbindung. 05:04:36
- Serververbindung konnte nicht hergestellt werden..
Error - 25.07.2010 00:04:41 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0
Description = 06:04:41 - Fehler beim Herstellen der Internetverbindung. 06:04:41
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 12.06.2010 19:35:50 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
aktuellen Status gemeldet: 0
Error - 13.06.2010 08:21:06 | Computer Name = Markus-PC | Source = volsnap | ID = 393245
Description = Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen.
Error - 13.06.2010 08:21:07 | Computer Name = Markus-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 13.06.2010 08:34:04 | Computer Name = Markus-PC | Source = bowser | ID = 8003
Description =
Error - 13.06.2010 08:48:02 | Computer Name = Markus-PC | Source = bowser | ID = 8003
Description =
Error - 13.06.2010 09:00:12 | Computer Name = Markus-PC | Source = bowser | ID = 8003
Description =
Error - 13.06.2010 11:33:48 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
aktuellen Status gemeldet: 0
Error - 13.06.2010 16:34:08 | Computer Name = Markus-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 13.06.2010 17:58:17 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
aktuellen Status gemeldet: 0
Error - 14.06.2010 11:56:15 | Computer Name = Markus-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
< End of report >
|
|
19.10.2010, 17:44
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! Mach mal nen Durchang mit CF: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.10.2010, 20:34
| #27 |
| | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! moin... konnte das erst jetzt lesen. Warum soll ich einen ComboFix-Durchlauf machen? Ich habe gehört, dass man das nur bei Notfällen macht oder Verdachtsfälle, gruß |
|
19.10.2010, 20:45
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! Ja es ist ja auch ein Notfall  So wirklich kann ich mir die Funde noch nicht erklären, denn die OTL-Logs sind unauffällig oder ich zu blind und deswegen könnte CF da Aufschluss bringen. Wir können das Ganze auch sein lassen und du machst ein format c: wenn Dir das lieber ist 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.10.2010, 20:46
| #29 |
| | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! ich beeile mich nur lädt die datei mit 8 kb/s runter... |
|
19.10.2010, 21:15
| #30 |
| | Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! ComboFix-Log Code:
ATTFilter ComboFix 10-10-18.06 - Markus 19.10.2010 22:08:10.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3071.2170 [GMT 2:00]
ausgeführt von:: c:\users\Markus\Desktop\cofi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-09-19 bis 2010-10-19 ))))))))))))))))))))))))))))))
.
2010-10-19 20:11 . 2010-10-19 20:12 -------- d-----w- c:\users\Markus\AppData\Local\temp
2010-10-19 19:36 . 2010-10-19 19:36 -------- d-----w- c:\program files\CCleaner
2010-10-19 13:37 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07FB13FE-E11C-442D-8EA0-35263BDC5881}\mpengine.dll
2010-10-13 06:13 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 06:13 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 05:53 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 05:53 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 05:53 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 05:53 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 05:52 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 05:52 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 05:51 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 05:51 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 05:51 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 05:47 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 05:47 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 05:47 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 05:46 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 05:45 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-09 12:23 . 2010-10-09 12:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-01 12:11 . 2010-10-01 12:11 -------- d--h--r- c:\users\Markus\AppData\Roaming\SecuROM
2010-10-01 10:38 . 2010-10-01 10:38 -------- d-----w- c:\users\Markus\AppData\Roaming\Leadertech
2010-09-29 10:25 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 10:17 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 10:17 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-19 22:01 . 2010-09-24 15:46 -------- d-----w- c:\users\Markus\AppData\Roaming\LucasArts
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-05 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6qbgrghf.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
AddRemove-SOE-EverQuest II Streaming - l:\programdata\Sony Online Entertainment\Installed Games\EverQuest II\Uninstaller.exe
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-2671611268-1187605280-3052518699-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2671611268-1187605280-3052518699-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,63,19,17,84,48,f7,25,82,49,bc,11,06,5d,93,ed,69,c9,7c,9f,91,
6b,20,c7,94,5f,fe,42,09,5a,e5,f1,13,35,aa,e7,ea,47,ff,67,75,8f,c9,8b,96,2c,\
"rkeysecu"=hex:3e,ce,47,8e,0f,3a,a0,ef,f2,c9,92,80,4b,da,4d,c0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-10-19 22:13:09
ComboFix-quarantined-files.txt 2010-10-19 20:13
Vor Suchlauf: 6 Verzeichnis(se), 81.845.014.528 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 81.755.811.840 Bytes frei
- - End Of File - - 7CD18124700A3187A9183987511C8444
gruß und nein, ich weiß nicht für was Install.exe nochmal war ^^ |
|
| Themen zu Exploit: Java/CVE-2009-3867 / TrojanDownloader:Java/OpenStream.F ! |
| antivir, bho, desktop, downloader, explorer, firefox, helper, hijackthis, internet, internet explorer, log, logfile, malwarebytes, micro, microsoft, microsoft security, microsoft security essentials, mozilla, neue, nvidia, plug-in, programme, security, security scan, software, system, windows, windows xp, winlogon |
Linear-Darstellung
