
Log analysis and evaluation: probably caught malware via ICQ, IE now opens on its own

20.06.2010, 16:24   #1
sebbual
 



Hi,
this is my first post here, and the reason is that two days ago I most likely caught malware via ICQ. Since then Internet Explorer very often opens on its own with various ads. In a mixture of despair, panic and stupidity (...DAU...) I tried to delete some files I didn't recognise. Only afterwards did I come to my senses, and while looking for help I found this board. I hope I haven't made everything worse by doing that and that you can still help me.

1) I have already used CCleaner
2) Also ran Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4217

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

20.06.2010 16:40:58
mbam-log-2010-06-20 (16-40-58).txt

Scan type: Quick scan
Objects scanned: 149998
Time elapsed: 19 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\UseR\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firewall service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Public\winscdnr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\Avr.exe (Trojan.FakeAlert) -> Delete on reboot.


3) RSIT (I have a 32-bit system):
see attachment


So, I hope I followed all the first steps correctly, and now I can only hope that one of you can help me; I would really be extremely grateful for that.

Regards,
sebbual
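
As an added example (not part of sebbual's post and not code from Malwarebytes), the Python script below parses MBAM 1.46 detection lines like the ones in the log above, groups them by where the malware was living (HKCU Run values, .job files in C:\Windows\Tasks, droppers in the user's Temp folder, the world-writable C:\Users\Public), counts the detection families, and separately lists every item marked "Delete on reboot". That last point is the practical caveat a log reader takes from this post: sshnas21.dll was still loaded as a memory module and Avr.exe was still on disk when the scan finished, so until the machine is restarted nothing about the Quick Scan result should be read as "clean". The sample lines are copied from the log above; the category names and heuristics are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: detection lines copied from the first Malwarebytes 1.46
# log in this thread (English field labels). Paths and family names are as posted.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\Users\UseR\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firewall service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Public\winscdnr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\Avr.exe (Trojan.FakeAlert) -> Delete on reboot.
"""

# One MBAM detection line: "<item> (<Family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>\S.*?) \((?P<family>[\w.]+)\) -> (?P<action>.*?)\.?\s*$")


def parse_mbam(text):
    """Return one dict per detection line; section headers and the
    '(No malicious items detected)' placeholders do not match and are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append({"item": m["item"], "family": m["family"], "action": m["action"]})
    return hits


def classify(item):
    """Map a detected registry key/value or file path to the persistence or
    staging location it represents. The category names are this example's own."""
    low = item.lower()
    if low.startswith("hkey_"):
        # A value under ...\CurrentVersion\Run is an autostart entry; other
        # keys (e.g. HKCU\SOFTWARE\V71IQL7HI7) are infection markers.
        return "run-key persistence" if "\\currentversion\\run\\" in low else "registry marker"
    if low.endswith(".job") and "\\windows\\tasks\\" in low:
        return "scheduled task"
    if "\\appdata\\local\\temp\\" in low:
        return "temp dropper"
    if low.startswith("c:\\users\\public\\"):
        return "world-writable drop"
    return "other"


def triage(text):
    """Group detections by location, count families, and list the items MBAM
    could not remove immediately ('Delete on reboot'). Those are still on disk,
    and a loaded DLL is still in memory, until the machine restarts."""
    hits = parse_mbam(text)
    by_class = defaultdict(list)
    for h in hits:
        by_class[classify(h["item"])].append(h["item"])
    pending = sorted({h["item"] for h in hits if h["action"].lower().startswith("delete on reboot")})
    return {
        "by_class": dict(by_class),
        "pending_reboot": pending,
        "families": Counter(h["family"] for h in hits),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for category, items in report["by_class"].items():
        print(f"{category}:")
        for item in items:
            print(f"  {item}")
    print("families:", dict(report["families"]))
    print("still present until reboot:", report["pending_reboot"])
```

The same regex works on a full MBAM log pasted from a forum post, because every detection line has the same "(Family) -> action." shape regardless of the section it sits in; the section headers are simply ignored.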

20.06.2010, 18:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

please run a full scan with Malwarebytes and post the log. Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

21.06.2010, 17:26   #3
sebbual
 



Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4219

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.06.2010 01:35:40
mbam-log-2010-06-21 (01-35-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 362151
Time elapsed: 2 hour(s), 39 minute(s), 40 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
C:\Users\Public\winscrsn.exe (Trojan.Inject) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system updates (Trojan.Inject) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Public\winscrsn.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\0492.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\1989.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\3335.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\3596.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\3793.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\4583.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\5071.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\5144.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\5732.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\6046.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\7865.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\7874.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\7912.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\8863.exe (Trojan.Inject) -> Quarantined and deleted successfully.
         
Code:
OTL logfile created on: 21.06.2010 18:15:10 - Run 1
OTL by OldTimer - Version 3.2.6.1     Folder = C:\Users\UseR\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 7.26 Gb Free Space | 6.52% Space Free | Partition Type: NTFS
Drive D: | 106.40 Gb Total Space | 28.56 Gb Free Space | 26.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: USER-PC
Current User Name: UseR
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\UseR\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
PRC - C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Users\UseR\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\Winstep\WsxService.exe (Winstep Software Technologies)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\UseR\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (Winstep Xtreme Service) -- C:\Program Files\Winstep\WsxService.exe (Winstep Software Technologies)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (wip0204) -- C:\Windows\System32\drivers\wip0204.sys (Wippien Software)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com/hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.kleeblatt-forum.de/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 8
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.08 16:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.18 17:13:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.21 20:51:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.18 17:13:08 | 000,000,000 | ---D | M]
 
[2008.06.19 15:30:43 | 000,000,000 | ---D | M] -- C:\Users\UseR\AppData\Roaming\mozilla\Extensions
[2010.06.20 23:01:39 | 000,000,000 | ---D | M] -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions
[2009.06.04 15:11:48 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.08.22 20:06:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.27 23:57:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.09.19 09:17:07 | 000,000,000 | ---D | M] (firefix) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829}
[2010.02.09 19:59:57 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2008.11.02 18:50:58 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009.07.25 13:33:21 | 000,000,000 | ---D | M] -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\askopensearch-VTS@ask.com
[2009.09.27 14:15:30 | 000,000,000 | ---D | M] -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\firefox@tvunetworks.com
[2010.02.09 20:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010.02.09 20:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.02.09 20:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010.02.09 20:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010.05.27 12:35:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.23 22:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.27 12:35:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.27 12:34:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.03.13 01:28:18 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 01:28:19 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.13 01:28:19 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.13 01:28:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.13 01:28:19 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.05.17 16:30:47 | 000,000,029 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winscrsn.exe File not found
O4 - Startup: C:\Users\UseR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM.lnk = C:\Program Files\Miranda IM\miranda32.exe ( )
O4 - Startup: C:\Users\UseR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay =  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\UseR\Bluetooth Software\Pictures\ShirtFFSpring09KickBlack2.jpg
O24 - Desktop BackupWallPaper: C:\Users\UseR\Bluetooth Software\Pictures\ShirtFFSpring09KickBlack2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell - "" = AutoRun
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell\AutoRun\command - "" = F:\S3\Autorun.exe -- File not found
O33 - MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\Shell - "" = AutoRun
O33 - MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8426f62e-05c2-11df-9363-913c67c5ad42}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.21 18:12:22 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\UseR\Desktop\OTL.exe
[2010.06.20 17:58:01 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\paul kalkbrenner
[2010.06.20 17:44:31 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\dub
[2010.06.20 15:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.20 15:57:41 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.19 20:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.06.19 20:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.19 20:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.06.19 18:21:30 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\Neuer Ordner
[2010.06.18 18:34:08 | 000,000,000 | ---D | C] -- C:\Users\UseR\AppData\Roaming\Malwarebytes
[2010.06.18 18:33:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.18 18:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.18 18:33:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.18 18:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.11 14:21:39 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\NobleM
[2010.06.11 13:22:00 | 000,000,000 | R--D | C] -- C:\Users\UseR\Desktop\Bratze - Kraft
[2010.06.09 14:03:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.09 13:30:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.09 13:30:40 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.09 13:30:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.09 13:30:36 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.09 13:30:36 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.09 13:30:36 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.06.09 13:30:35 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.09 13:30:35 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.09 13:30:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.06.09 13:30:35 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.06.09 13:30:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.09 13:30:35 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.06.09 13:30:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.09 13:30:35 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.09 13:30:27 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.06.09 13:30:24 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.08 18:20:32 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\The Dance Inc. - The Fighting
[2010.06.08 15:46:00 | 000,000,000 | ---D | C] -- C:\Users\UseR\Documents\u
[2010.06.06 15:47:25 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\chewychocolatecookies
[2010.05.27 12:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.27 12:35:39 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.27 12:35:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.27 12:35:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.27 12:35:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.26 10:32:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.23 14:48:48 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\Radical Hype
[2010.05.23 12:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Graffiti Studio 2.0
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.21 18:16:42 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.21 18:16:42 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.21 18:16:42 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.21 18:16:42 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.21 18:16:42 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.21 18:14:29 | 003,670,016 | ---- | M] () -- C:\Users\UseR\NTUSER.DAT
[2010.06.21 18:12:56 | 000,048,992 | ---- | M] () -- C:\Users\UseR\AppData\Roaming\nvModes.001
[2010.06.21 18:12:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\UseR\Desktop\OTL.exe
[2010.06.21 18:10:28 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.21 18:10:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.06.21 18:10:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 18:10:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 18:10:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.21 18:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.21 18:10:06 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.21 17:50:39 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.21 17:00:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.21 01:36:43 | 000,524,288 | -HS- | M] () -- C:\Users\UseR\NTUSER.DAT{c60c19a7-b3d6-11de-abb7-001e4cd61bea}.TMContainer00000000000000000001.regtrans-ms
[2010.06.21 01:36:43 | 000,065,536 | -HS- | M] () -- C:\Users\UseR\NTUSER.DAT{c60c19a7-b3d6-11de-abb7-001e4cd61bea}.TM.blf
[2010.06.21 01:36:30 | 003,317,355 | -H-- | M] () -- C:\Users\UseR\AppData\Local\IconCache.db
[2010.06.20 18:38:37 | 000,002,721 | ---- | M] () -- C:\Users\UseR\.recently-used.xbel
[2010.06.20 18:34:30 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CB0668D-0C3B-4AA0-9AF4-ADEA5698541B}.job
[2010.06.20 15:01:44 | 000,165,376 | ---- | M] () -- C:\Windows\Anozua.exe
[2010.06.20 14:34:00 | 000,042,178 | ---- | M] () -- C:\Users\UseR\Desktop\601_0.JPG
[2010.06.19 22:18:31 | 000,000,256 | ---- | M] () -- C:\Windows\wininit.ini
[2010.06.19 21:14:54 | 007,970,885 | ---- | M] () -- C:\Users\UseR\Sven_Bomwollen.rar
[2010.06.10 23:48:14 | 000,000,787 | ---- | M] () -- C:\Users\UseR\Desktop\Miranda IM.lnk
[2010.06.10 23:46:01 | 000,074,240 | ---- | M] () -- C:\Users\UseR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.10 17:51:38 | 000,318,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.28 18:16:48 | 000,048,992 | ---- | M] () -- C:\Users\UseR\AppData\Roaming\nvModes.dat
[2010.05.28 12:29:58 | 000,008,997 | ---- | M] () -- C:\Users\UseR\Desktop\medionmobile.odt
[2010.05.27 12:34:33 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.27 12:34:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.27 12:34:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.27 12:34:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.26 18:16:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.26 16:25:15 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.23 12:05:33 | 000,000,024 | ---- | M] () -- C:\Windows\AM_D8.PRF
 
========== Files Created - No Company Name ==========
 
[2010.06.20 18:38:37 | 000,002,721 | ---- | C] () -- C:\Users\UseR\.recently-used.xbel
[2010.06.20 15:02:20 | 000,165,376 | ---- | C] () -- C:\Windows\Anozua.exe
[2010.06.20 14:27:03 | 000,042,178 | ---- | C] () -- C:\Users\UseR\Desktop\601_0.JPG
[2010.06.19 21:32:44 | 000,000,256 | ---- | C] () -- C:\Windows\wininit.ini
[2010.05.29 08:01:30 | 000,000,787 | ---- | C] () -- C:\Users\UseR\Desktop\Miranda IM.lnk
[2010.05.28 12:29:55 | 000,008,997 | ---- | C] () -- C:\Users\UseR\Desktop\medionmobile.odt
[2010.05.23 12:05:33 | 000,000,024 | ---- | C] () -- C:\Windows\AM_D8.PRF
[2010.01.20 16:05:44 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.05.05 17:07:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.01.05 13:20:14 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.24 15:22:33 | 000,000,044 | ---- | C] () -- C:\Windows\odbcddp.ini
[2008.09.24 14:45:05 | 000,001,511 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.24 14:44:25 | 000,000,145 | ---- | C] () -- C:\Windows\KLETT.INI
[2008.07.28 14:00:37 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.06.17 17:14:40 | 000,000,675 | ---- | C] () -- C:\Windows\HAMMER.INI
[2008.06.09 20:48:43 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2008.04.30 18:19:07 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.04.30 18:19:07 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.04.30 18:14:52 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.03.02 02:52:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.03.02 02:52:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.03.02 02:07:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.03.02 02:02:44 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.03.01 17:37:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.11.20 16:24:52 | 000,159,744 | ---- | C] () -- C:\Windows\gdf.dll
[2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.04.24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FEBEC560
< End of report >
Code:
OTL Extras logfile created on: 21.06.2010 18:15:10 - Run 1
OTL by OldTimer - Version 3.2.6.1     Folder = C:\Users\UseR\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 7.26 Gb Free Space | 6.52% Space Free | Partition Type: NTFS
Drive D: | 106.40 Gb Total Space | 28.56 Gb Free Space | 26.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: USER-PC
Current User Name: UseR
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\UseR\Downloads\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\UseR\Downloads\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C35374A-FAA1-4C93-B257-4DC2E9C7469B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3D5F351A-0265-4529-82D3-166EF394C09A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5514CC37-1D90-4B8A-8B5F-14ED59D7DC10}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{93357A75-1E24-4B6A-B099-87A597329153}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9AC722CA-2806-4003-98BD-03F7E9247355}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9221726-B65F-47E9-A367-F25AEF92EEE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DD53168F-706B-428D-AD30-64CFB697ACAF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DDD86073-21E3-42B4-A23B-CBB92497B784}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF32B348-BE63-4857-90E6-EC3ED586DA7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0293BA5B-0BB3-4B7C-97DC-0FC5A0740014}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{0297915E-2996-4EE1-8B7E-905428ECA199}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{05A5ECA6-6092-4BBC-85CE-6BDA5F758282}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{09256CFE-A0A7-4FA6-87C1-CCD9F07EA8D9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{0E92EB7A-9CA0-4CDC-936B-63D3BAE681E2}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | 
"{1CB58AD0-103A-46C7-B049-856E172D71D6}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{1DBC5960-E110-4A86-9087-83212E9BF2EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2345779B-58C8-4576-88DC-EF52EA22D48C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{27905E4E-1316-49A6-A2E6-A1147FE2AE96}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{29DAE8CE-1904-470A-B951-95BB60E8FDB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E9828C7-C09A-4F91-A30C-2D90003257D3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{2EB929B5-CEF2-4BE6-BD52-F7F047B9FB53}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{34D8FC82-E8C8-4CCD-B2AC-4CCD7B972BD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37943B51-2FA8-44C9-9828-15697579F9A0}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{3CE6014B-D830-483A-9803-ACE5B70FACB3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{412BC7EB-6986-4C55-A238-17E0DE2A66FC}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{44C5A4DA-A7DF-409A-BF75-44950D867499}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4EEC58DF-F90D-40E5-B15F-8EF49A3B4D67}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{52198524-6C1A-473E-ADA9-4C9BD05B49FA}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{55A8975D-44C3-49D3-A751-E2690A05C8CB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6AF76C7F-A502-415B-8B37-2FCF17B4DBEE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{6F2108F8-BEC7-46F8-AF6F-44AD70AF3DC5}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{703BD8C6-78CE-462B-BE5A-136EFC1AEAD1}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{7205D839-C4E1-4B05-9132-021B3ADD91C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{78C4359D-458A-4615-832F-CEE3F725847E}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{79675A6A-0A15-4E09-A213-FF6A561DA062}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{7B8E3539-60D1-4671-9736-41489579324F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{7E53915A-D0C2-486F-AEDC-29D62C7F7C6C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{7F848D6C-5AE2-47A4-B7DB-ACFC1786DDDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{816A277F-51A8-49C7-9676-8E2C049645AA}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{8344E125-7EB8-44C0-B102-E1504769857F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{907BF8A8-5D4C-46AF-AC28-6858B79E75E9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{97738E25-FAA4-4DA6-ADA6-26C5591F2905}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{97FA0EA2-D0B4-4602-8054-B73D03F12859}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{9A7A195D-33C4-4022-9A9F-F355D96EB9F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C8C0801-C4B6-4C15-80E5-6F5ACF0CEC6A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{A94B8AFF-906A-4F30-BF87-D3DA7B818BE6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{B12429AA-5C94-4188-AEB3-51EA15EBD31A}" = protocol=6 | dir=out | app=system | 
"{B73B0C36-F8D9-4285-B49E-2B8EBF6E34E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BAA54BE4-50A0-4E6C-9913-D0921989AA9B}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | 
"{BABCBCCC-6F9B-4C87-9D17-4BF35F366D47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5B1D504-305D-4717-B9B7-67780601AE61}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{D26299D5-10A1-4C5E-A45D-FFAD412997FA}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{DC94DC8C-D4C1-47F7-AE16-A7F87A1C5192}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{EA61ACBE-71FF-466A-B779-DC435280A5E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FDA51519-8BA7-4E32-848B-0E3F754DAAAC}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{FE56BF29-494F-4563-ACFA-CD8A0D7ACB10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{0026D7AE-1A50-4291-BF72-84213786D515}C:\users\user\saved games\cs\hl.exe" = protocol=6 | dir=in | app=c:\users\user\saved games\cs\hl.exe | 
"TCP Query User{0136F24A-4C21-4872-93E9-4C14521D5CC9}C:\program files\vgnoffline2010\programme\efaserver.exe" = protocol=6 | dir=in | app=c:\program files\vgnoffline2010\programme\efaserver.exe | 
"TCP Query User{12504714-F9C4-4D8C-A5B2-C9109FFDD835}C:\program files\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files\empire interactive\flatout2\flatout2.exe | 
"TCP Query User{1CD4B219-8D91-4B1E-892F-BFBA313C170B}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{49A3472F-A158-4C61-A19B-AB675101EEAA}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{6A9FCFB5-4A42-472E-8EC7-2B93917DA372}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{919DEF82-1436-4366-9B9E-71D2E77DE0E9}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{93654DF3-FC41-485E-9120-8E44EFBD8E05}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{97F3832A-9028-4824-9047-0F0E56C285AC}C:\program files\team17 software ltd\wormsfortsdemo\wf.exe" = protocol=6 | dir=in | app=c:\program files\team17 software ltd\wormsfortsdemo\wf.exe | 
"TCP Query User{A092A5CD-7BA5-4052-A80C-BDB88B29EFCF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{A6E18FA4-08BD-4A0A-8C05-D86D7882455B}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{A898F146-005F-430B-BE8D-F2841EB0C41D}E:\cs\hl.exe" = protocol=6 | dir=in | app=e:\cs\hl.exe | 
"TCP Query User{B55BBF7C-269E-4F0F-BB96-6C11EC73FB86}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"TCP Query User{BED5E7EE-D0E7-443B-AA5B-CEA0DA44CB72}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{C8EC6BA7-D77C-4A1E-9B22-76811696A05E}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{D776B933-7B24-4E66-B7B0-06D21C56B77A}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{E76781C3-A0FE-4D55-906C-FA3A9FAE777D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{F12FFA0C-C921-4C0D-8798-301BF0DB59C6}C:\program files\java\jre1.6.0_06\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\java.exe | 
"TCP Query User{F2E873ED-CC93-41F6-BDD7-2FDBA64192A9}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{F5E35949-2647-4934-8576-8D9AA427036C}D:\bluebyte\siedler3\s3.exe" = protocol=6 | dir=in | app=d:\bluebyte\siedler3\s3.exe | 
"UDP Query User{02447EF8-D49E-49B3-A1F5-A28B381DFCBE}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{0258DE60-8F26-4AC3-9FF8-F5F76B495656}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{05A2AEC7-A5DD-4199-B8E1-465B59786F93}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{18477687-6AF2-4C29-9F85-4D27AB9A225E}C:\program files\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files\empire interactive\flatout2\flatout2.exe | 
"UDP Query User{28376379-0AA4-4A03-B521-FE7CE03B2CB1}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{2B07C1C0-0F0F-4213-A03F-ACD16AC8B0B0}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{828E67E7-DBC5-49E0-B957-F279EDD7EB6D}C:\program files\java\jre1.6.0_06\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\java.exe | 
"UDP Query User{8F46B48B-DD6B-4E66-A934-C9EE9279571A}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{9FE5DFDD-B418-4673-90DB-992939733DFA}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{B44DE2E0-408E-400C-9445-2193487275BF}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{BD7B9EEC-4432-4051-899F-1401D50F0EDC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{C03C06C2-D811-43B9-A3F8-57D90D0D4AF9}E:\cs\hl.exe" = protocol=17 | dir=in | app=e:\cs\hl.exe | 
"UDP Query User{CAFF130D-ED33-4E38-BBEB-0828C61DA5E2}C:\program files\team17 software ltd\wormsfortsdemo\wf.exe" = protocol=17 | dir=in | app=c:\program files\team17 software ltd\wormsfortsdemo\wf.exe | 
"UDP Query User{CBC5A18C-40C4-4A5F-8BB1-B99A43DC3A6A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{D2552630-0DBE-4A16-8396-6951F0D3BD23}D:\bluebyte\siedler3\s3.exe" = protocol=17 | dir=in | app=d:\bluebyte\siedler3\s3.exe | 
"UDP Query User{E1DE2B84-10E9-46D6-95C3-5CD210DB17BF}C:\users\user\saved games\cs\hl.exe" = protocol=17 | dir=in | app=c:\users\user\saved games\cs\hl.exe | 
"UDP Query User{E45A4025-897E-498A-AE6E-F9CAF7DF2E3B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{EE300EE4-FC65-44D3-A628-3832501C2358}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{EF083C19-A85D-45C8-BBAF-B1E6544CD7F6}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{F4A7AD58-35A3-45F5-ADAC-9C4C4F6C793E}C:\program files\vgnoffline2010\programme\efaserver.exe" = protocol=17 | dir=in | app=c:\program files\vgnoffline2010\programme\efaserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{49F2D7DE-0EEE-4411-8283-16BAAECF2079}" = Media Manager for WALKMAN 1.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92C72ECF-B4BE-11D4-82B0-00A0C936A230}" = Dave Mirra Freestyle BMX
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"1A5A977E511ED61600002E176F048ED6FCBD8560" = Windows-Treiberpaket - ITE Tech.Inc. (itecir) HIDClass  (12/18/2007 5.0.0004.6)
"Acer Acer Bio Protection 6.0.00.08" = Acer Bio Protection AAV 6.0.00.08
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AssaultCube_v1.0" = AssaultCube v1.0
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"FFOLKES Unlocks123 mod v1.4.1" = FFOLKES Unlocks123 mod v1.4.1
"Free Studio_is1" = Free Studio version 4.3
"Goldfinger 4" = Goldfinger 4
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"GridVista" = Acer GridVista
"IconPackager" = IconPackager
"ICQToolbar" = ICQ Toolbar
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.25
"Motocross Madness 2" = Microsoft Motocross Madness 2
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"PokerTH 0.6.2" = PokerTH
"PokerTH 0.6.3" = PokerTH
"RocketDock_is1" = RocketDock 1.3.5
"RollerCoaster Tycoon Setup" = Roll
"S3" = Die Siedler III Gold Edition
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"TmNationsForever_is1" = TmNationsForever
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"Winstep Xtreme_is1" = Winstep Xtreme 8.5
"XMoto" = X-Moto
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.06.2010 14:51:57 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.06.2010 14:51:57 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.06.2010 16:56:24 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.06.2010 16:56:25 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.06.2010 16:56:34 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.06.2010 07:54:47 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.06.2010 07:54:47 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.06.2010 09:43:12 | Computer Name = UseR-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.06.2010 12:10:32 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.06.2010 12:10:32 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 20.06.2010 14:51:52 | Computer Name = UseR-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.06.2010 19:37:14 | Computer Name = UseR-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 21.06.2010 07:54:07 | Computer Name = UseR-PC | Source = Application Popup | ID = 875
Description = Driver sfvfs02.sys could not be loaded.
 
Error - 21.06.2010 07:54:07 | Computer Name = UseR-PC | Source = Application Popup | ID = 875
Description = Driver sfdrv01.sys could not be loaded.
 
Error - 21.06.2010 07:54:29 | Computer Name = UseR-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.06.2010 07:54:41 | Computer Name = UseR-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 21.06.2010 12:09:51 | Computer Name = UseR-PC | Source = Application Popup | ID = 875
Description = Driver sfvfs02.sys could not be loaded.
 
Error - 21.06.2010 12:09:51 | Computer Name = UseR-PC | Source = Application Popup | ID = 875
Description = Driver sfdrv01.sys could not be loaded.
 
Error - 21.06.2010 12:10:15 | Computer Name = UseR-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.06.2010 12:10:26 | Computer Name = UseR-PC | Source = Service Control Manager | ID = 7026
Description = 
 
[ TuneUp Events ]
Error - 08.02.2009 14:09:02 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 08.02.2009 14:09:32 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.02.2009 15:04:53 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.02.2009 15:05:03 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.02.2009 15:05:39 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.02.2009 15:05:44 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.02.2009 15:07:15 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >
         
__________________

24.06.2010, 19:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winscrsn.exe File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell - "" = AutoRun
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell\AutoRun\command - "" = F:\S3\Autorun.exe -- File not found
O33 - MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\Shell - "" = AutoRun
O33 - MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8426f62e-05c2-11df-9363-913c67c5ad42}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
[2010.06.20 15:02:20 | 000,165,376 | ---- | C] () -- C:\Windows\Anozua.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fix button!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.


After that I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not mess around in there!
2.) Zip the folder C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know when it has succeeded
5.) Only then turn the virus scanner back on
__________________
Please always post log files in CODE tags
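
The fix above removes one HKCU Run value and three MountPoints2 AutoRun commands. The reasoning a helper applies when reading those O4 and O33 lines is easy to put into code. What follows is an added example, not part of the original thread and not OTL's own code: a small Python parser for OTL's O4 (Run-key autostart) and O33 (MountPoints2 AutoRun) lines that flags the patterns a responder looks for, namely autostarts living in user-writable locations such as C:\Users\Public, value names that mimic a Windows component ("Windows System Updates"), entries whose target is already gone ("File not found"), and AutoRun commands bound to removable volumes. The sample input is the set of O4/O33 lines from the fix above; the directory list, the mimic word list and the scoring are this example's own assumptions, not OTL's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the O4/O33 lines from the OTL fix posted above.
SAMPLE_OTL_LINES = r"""
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winscrsn.exe File not found
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell - "" = AutoRun
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell\AutoRun\command - "" = F:\S3\Autorun.exe -- File not found
O33 - MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8426f62e-05c2-11df-9363-913c67c5ad42}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
"""

# OTL line shapes handled here: O4 = Run-key autostarts, O33 = MountPoints2 AutoRun commands.
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (?P<rest>.*)$')

# Heuristics (this example's own choices, not OTL's): directories a dropper favours because
# a standard user can write there, words an autostart name uses to pass as a Windows
# component, and roots under which such a name would be unremarkable.
USER_WRITABLE_DIRS = ('c:\\users\\public', '\\appdata\\local\\temp', 'c:\\programdata\\', 'c:\\windows\\temp')
MIMIC_WORDS = ('windows', 'microsoft', 'system', 'update', 'security')
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files')


@dataclass
class Finding:
    kind: str          # 'run' or 'autorun'
    name: str          # Run value name, or the MountPoints2 volume GUID
    path: str          # executable the entry points at
    flags: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.flags)


def split_path_and_status(rest: str):
    """Split OTL's trailer off a path: '... (Publisher)' or '... File not found'."""
    rest = rest.strip()
    missing = rest.endswith('File not found')
    if missing:
        rest = rest[:-len('File not found')].rstrip(' -')
    m = re.match(r'^(.*?)\s*\([^()]*\)$', rest)   # drop a trailing "(Publisher)" annotation
    path = m.group(1) if m else rest
    return path.strip(), missing


def triage(otl_text: str):
    """Parse O4/O33 lines and return findings, most suspicious first."""
    findings = []
    for line in otl_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            path, missing = split_path_and_status(m.group('rest'))
            f = Finding('run', m.group('name'), path)
            low = path.lower()
            if any(d in low for d in USER_WRITABLE_DIRS):
                f.flags.append('user-writable location')
            if any(w in f.name.lower() for w in MIMIC_WORDS) and not low.startswith(TRUSTED_ROOTS):
                f.flags.append('mimics a Windows component')
            if missing:
                f.flags.append('dangling (File not found)')
            findings.append(f)
        elif m := O33_RE.match(line):
            path, missing = split_path_and_status(m.group('rest'))
            f = Finding('autorun', m.group('guid'), path)
            # Any AutoRun command keyed to a volume GUID is worth removing on a cleanup.
            f.flags.append('AutoRun command on mounted volume ' + path[:2])
            if missing:
                f.flags.append('dangling (File not found)')
            findings.append(f)
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == '__main__':
    for f in triage(SAMPLE_OTL_LINES):
        print(f'[{f.score}] {f.kind:8} {f.name:45} {f.path}  {", ".join(f.flags)}')
```

Run on the sample, the winscrsn.exe entry scores highest (all three Run-key flags), the three AutoRun commands follow, and TeaTimer scores zero. A dangling Run value is still worth removing even though its file is gone, as happened here after the user's own deletions: the value outlives the file, and a payload re-dropped at the same path would run again at the next logon.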

24.06.2010, 20:11   #5
sebbual

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Updates deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search\ deleted successfully.
C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ not found.
File F:\S3\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c22b373-083a-11de-b87d-001e4cd61bea}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c22b373-083a-11de-b87d-001e4cd61bea}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8426f62e-05c2-11df-9363-913c67c5ad42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8426f62e-05c2-11df-9363-913c67c5ad42}\ not found.
File G:\Menu.exe not found.
File C:\Windows\Anozua.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gast
->Temp folder emptied: 2564018 bytes
->Temporary Internet Files folder emptied: 27849478 bytes
->Java cache emptied: 12 bytes
->FireFox cache emptied: 4433755 bytes
->Opera cache emptied: 343405 bytes
->Flash cache emptied: 3515 bytes
 
User: Max.UseR-PC
->Temp folder emptied: 899687646 bytes
->Temporary Internet Files folder emptied: 58812057 bytes
->Java cache emptied: 2139590 bytes
->FireFox cache emptied: 87205267 bytes
->Flash cache emptied: 173984 bytes
 
User: MAX~1~USE
->Temp folder emptied: 0 bytes
 
User: Public
 
User: UseR
->Temp folder emptied: 18165300 bytes
->Temporary Internet Files folder emptied: 28002839 bytes
->Java cache emptied: 2683987 bytes
->FireFox cache emptied: 36244254 bytes
->Google Chrome cache emptied: 7654850 bytes
->Opera cache emptied: 669454 bytes
->Flash cache emptied: 18105 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42106 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.122.00 mb
 
 
OTL by OldTimer - Version 3.2.6.1 log created on 06242010_205308

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
That's the OTL log file for now.
I'm having some trouble zipping the OTL folder; I keep getting the messages "Could not create _OTL.rar" and "Access denied". What am I doing wrong?
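
The [resethosts] command in the fix replaces C:\Windows\System32\drivers\etc\hosts outright, which the log above confirms ("HOSTS file reset successfully"). Adware and downloaders routinely edit that file to black-hole security-vendor sites or send update and search domains to a host they control, so a responder usually wants to see what it contained before it is discarded. As an added example, not part of the thread and not OTL's code, here is a Python triage of a hosts file: it parses every mapping, leaves the loopback defaults and plain ad-blocking entries alone, and reports anything that black-holes or redirects a domain from a watch list. The sample file content and the watch-list suffixes are constructed for this example.

```python
import ipaddress

# Constructed sample: a Vista hosts file with two hijacked entries appended (example input, not from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ad.doubleclick.net        # sinkholing an ad host to loopback is benign
0.0.0.0         www.avira.com             # black-holing a security vendor is not
198.51.100.23   update.microsoft.com      # redirecting updates to a remote host is not
198.51.100.23   www.google.de
"""

LOOPBACK_OK = {'localhost', 'localhost.localdomain', 'broadcasthost'}
# Domains whose redirection a responder treats as hostile whatever the target (example list).
WATCHLIST_SUFFIXES = ('microsoft.com', 'windowsupdate.com', 'avira.com',
                      'malwarebytes.org', 'kaspersky.com', 'google.de', 'google.com')


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping, skipping comments and blank lines."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; a stricter tool would report it rather than skip it
        for host in parts[1:]:
            yield ip, host.lower(), n


def classify(ip, host):
    """Return a verdict for one mapping based on the target address and the hostname."""
    if host in LOOPBACK_OK and ip.is_loopback:
        return 'default'
    watched = any(host == s or host.endswith('.' + s) for s in WATCHLIST_SUFFIXES)
    if ip.is_loopback:                     # 127.0.0.1 / ::1 : sinkholed
        return 'blocked-watchlist' if watched else 'blocked'
    if ip.is_unspecified:                  # 0.0.0.0 : black-holed
        return 'blackholed-watchlist' if watched else 'blackholed'
    return 'redirected-watchlist' if watched else 'redirected'   # sent to a real remote host


def triage_hosts(text):
    """Return the mappings worth a second look: everything except defaults and plain ad blocks."""
    findings = []
    for ip, host, n in parse_hosts(text):
        verdict = classify(ip, host)
        if verdict in ('default', 'blocked'):
            continue
        findings.append({'line': n, 'ip': str(ip), 'host': host, 'verdict': verdict})
    return findings


if __name__ == '__main__':
    for f in triage_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:3}: {f['ip']:15} {f['host']:25} {f['verdict']}")
```

On the sample this reports the black-holed Avira domain and the two redirections to 198.51.100.23, and stays silent on the loopback defaults and the ad host. Any "redirected" verdict deserves attention even for an unlisted domain, since a hosts file has no legitimate reason to point a public name at a remote address on a home PC.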


24.06.2010, 20:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
"Could not create _OTL.rar" and "Access denied", what am I doing wrong?
Virus scanner disabled?!!
__________________

24.06.2010, 20:28   #7
sebbual

Quote:
Originally posted by cosinus
Virus scanner disabled?!!
I disabled the Avira AntiVir Guard beforehand

24.06.2010, 20:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hm, OK, then leave it for now. The files I was after no longer existed at the time of the fix anyway.

Now please do a run with CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

24.06.2010, 21:49   #9
sebbual

Well, I don't know what's going on now either: I followed all the instructions exactly (downloaded ComboFix, renamed it, CCleaner, closed all programs, started cofi.exe, confirmed the warnings), then while cofi.exe was running I left the PC (to watch the World Cup ;-) ), but when I came back the PC had apparently restarted and that screen appeared saying "Windows could not shut down successfully" (or something like that, the one where you can choose between Safe Mode and Start Windows Normally etc.), and on startup no ComboFix text file appeared either. Something must have gone wrong, right?

25.06.2010, 09:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please try it again.
__________________
Please always post log files in CODE tags

26.06.2010, 11:50   #11
sebbual

Now it worked...
Code:
ComboFix 10-06-24.03 - UseR 25.06.2010  16:00:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3069.1941 [GMT 2:00]
run from:: c:\users\UseR\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Files created from 2010-05-25 to 2010-06-25  ))))))))))))))))))))))))))))))
.

2010-06-25 14:12 . 2010-06-25 14:13	--------	d-----w-	c:\users\UseR\AppData\Local\temp
2010-06-25 14:12 . 2010-06-25 14:12	--------	d-----w-	c:\users\MAX~1~USE\AppData\Local\temp
2010-06-25 14:12 . 2010-06-25 14:12	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Local\temp
2010-06-25 14:12 . 2010-06-25 14:12	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2010-06-25 14:12 . 2010-06-25 14:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-24 18:53 . 2010-06-24 18:53	--------	d-----w-	C:\_OTL
2010-06-24 14:52 . 2010-06-24 14:52	--------	d-----w-	c:\program files\Zattoo4
2010-06-23 12:14 . 2010-04-14 17:47	293376	----a-w-	c:\windows\system32\psisdecd.dll
2010-06-23 12:14 . 2010-04-14 17:46	428544	----a-w-	c:\windows\system32\EncDec.dll
2010-06-23 12:13 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-23 12:13 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-23 12:13 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-06-23 12:13 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-23 12:13 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-06-23 10:27 . 2010-04-16 16:05	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-06-23 10:27 . 2010-04-16 14:17	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-20 13:57 . 2010-06-20 14:47	--------	d-----w-	c:\program files\trend micro
2010-06-20 13:57 . 2010-06-20 13:58	--------	d-----w-	C:\rsit
2010-06-19 18:26 . 2010-06-19 18:26	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2010-06-19 18:16 . 2010-06-20 14:16	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-06-19 18:16 . 2010-06-24 18:53	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-06-18 16:34 . 2010-06-18 16:34	--------	d-----w-	c:\users\UseR\AppData\Roaming\Malwarebytes
2010-06-18 16:33 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-18 16:33 . 2010-06-18 16:33	--------	d-----w-	c:\programdata\Malwarebytes
2010-06-18 16:33 . 2010-06-18 16:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-18 16:33 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-15 19:33 . 2010-06-15 19:33	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-07 17:49 . 2010-06-07 17:49	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\IrfanView
2010-05-27 10:35 . 2010-05-27 10:34	411368	----a-w-	c:\windows\system32\deployJava1.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 13:51 . 2006-11-02 15:33	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-06-25 13:51 . 2006-11-02 15:33	122648	----a-w-	c:\windows\system32\perfc007.dat
2010-06-25 13:44 . 2008-05-13 16:39	836	----a-w-	c:\windows\bthservsdp.dat
2010-06-25 13:22 . 2009-01-19 19:14	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\ICQ
2010-06-25 11:04 . 2009-01-20 14:52	48825	----a-w-	c:\users\Max.UseR-PC\AppData\Roaming\nvModes.dat
2010-06-24 18:41 . 2009-01-21 13:18	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\Skype
2010-06-24 18:13 . 2009-01-21 13:18	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\skypePM
2010-06-19 18:03 . 2009-03-30 15:57	--------	d-----w-	c:\users\UseR\AppData\Roaming\Skype
2010-06-19 18:02 . 2008-05-17 11:58	--------	d-----w-	c:\users\UseR\AppData\Roaming\ICQ
2010-06-19 16:24 . 2009-03-30 15:58	--------	d-----w-	c:\users\UseR\AppData\Roaming\skypePM
2010-06-18 15:48 . 2008-03-02 00:02	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-18 15:12 . 2008-05-24 14:57	--------	d-----w-	c:\program files\Common Files\Adobe
2010-06-17 21:06 . 2010-01-04 11:59	1	----a-w-	c:\users\UseR\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-17 18:36 . 2010-01-13 14:03	1	----a-w-	c:\users\Max.UseR-PC\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-10 14:43 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-06-09 13:43 . 2009-01-23 14:20	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\Winamp
2010-06-09 11:59 . 2010-01-23 20:13	--------	d-----w-	c:\program files\ICQ7.0
2010-06-08 14:36 . 2008-05-17 12:27	--------	d-----w-	c:\program files\Winamp
2010-05-28 16:16 . 2008-05-14 19:50	48992	----a-w-	c:\users\UseR\AppData\Roaming\nvModes.dat
2010-05-27 10:36 . 2008-05-23 14:44	--------	d-----w-	c:\program files\Common Files\Java
2010-05-27 10:34 . 2008-05-23 14:44	--------	d-----w-	c:\program files\Java
2010-05-26 16:16 . 2010-06-09 11:30	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-09 11:30	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-25 08:12 . 2010-05-25 08:12	7680	----a-w-	c:\users\UseR\AppData\Roaming\Trillian\languages\de\talk.dll
2010-05-25 08:12 . 2010-05-25 08:12	7168	----a-w-	c:\users\UseR\AppData\Roaming\Trillian\languages\de\events.dll
2010-05-25 08:12 . 2010-05-25 08:12	2048	----a-w-	c:\users\UseR\AppData\Roaming\Trillian\languages\de\toolkit.dll
2010-05-25 08:12 . 2010-05-25 08:12	10240	----a-w-	c:\users\UseR\AppData\Roaming\Trillian\languages\de\buddy.dll
2010-05-23 10:05 . 2010-05-23 10:05	--------	d-----w-	c:\program files\Graffiti Studio 2.0
2010-05-21 12:14 . 2009-10-03 13:39	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-19 14:28 . 2010-05-19 14:28	54101	----a-w-	c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-19 14:28 . 2010-05-19 14:28	57409	----a-w-	c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-19 14:28 . 2010-05-19 14:28	52963	----a-w-	c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-19 14:28 . 2010-05-19 14:28	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-19 14:28 . 2010-05-19 14:28	56969	----a-w-	c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-05-19 14:28 . 2009-04-15 14:22	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-05-19 14:26 . 2010-05-19 14:29	754984	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-05-19 14:26 . 2010-05-19 14:29	1180952	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-13 11:49 . 2008-05-26 15:42	--------	d-----w-	c:\program files\Google
2010-05-07 14:27 . 2010-05-07 14:27	68256	----a-w-	c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.0.232\German\setup.exe
2010-05-04 18:42 . 2010-06-09 11:30	833024	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-09 11:30	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-05-04 16:53 . 2010-06-09 11:30	26624	----a-w-	c:\windows\system32\ieUnatt.exe
2010-05-01 19:03 . 2009-02-26 19:18	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\dvdcss
2010-05-01 13:53 . 2010-06-09 11:30	2036224	----a-w-	c:\windows\system32\win32k.sys
2010-04-30 14:56 . 2010-04-24 10:08	--------	d-----w-	c:\users\UseR\AppData\Roaming\gtk-2.0
2010-04-30 14:18 . 2010-04-30 14:18	--------	d-----w-	c:\program files\PhotoScape
2010-04-30 14:17 . 2010-04-30 14:17	--------	d-----w-	c:\users\UseR\AppData\Roaming\IrfanView
2010-04-30 14:17 . 2010-04-30 14:17	--------	d-----w-	c:\program files\IrfanView
2010-04-24 17:26 . 2008-06-01 14:31	77544	----a-w-	c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-23 13:55 . 2010-05-26 08:32	2048	----a-w-	c:\windows\system32\tzres.dll
2010-04-23 09:22 . 2008-05-23 15:41	680	----a-w-	c:\users\UseR\AppData\Local\d3d9caps.dat
2010-04-16 16:10 . 2010-06-09 11:30	1314816	----a-w-	c:\windows\system32\quartz.dll
2010-04-16 16:05 . 2010-06-23 10:27	459776	----a-w-	c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:05 . 2010-06-23 10:27	173056	----a-w-	c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:05 . 2010-06-23 10:27	2153984	----a-w-	c:\windows\AppPatch\AcGenral.dll
2010-04-16 16:05 . 2010-06-23 10:27	541696	----a-w-	c:\windows\AppPatch\AcLayers.dll
2010-04-05 16:07 . 2010-06-09 11:30	67072	----a-w-	c:\windows\system32\asycfilt.dll
2010-03-31 01:58 . 2008-05-17 12:27	133616	------w-	c:\windows\system32\pxafs.dll
.

------- Sigcheck -------

[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[-] 2008-07-08 . 534B3525C497688ABE3C7FFE7D7DC5ED . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((   Registry autostart points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-02-03 21:14	39472	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 4939776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-03 523312]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-02-06 589824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-04-30 3642368]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-02-13 805384]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-04 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-04 8534560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-04-30 16:14	3024384	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^UseR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Miranda IM.lnk]
path=c:\users\UseR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM.lnk
backup=c:\windows\pss\Miranda IM.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08	209153	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 13:39	1090952	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58	495616	----a-w-	c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"CTCheck"=c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe"
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-05 717296]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-02-22 80784]
R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\DRIVERS\wip0204.sys [2008-12-30 23480]
R3 zlportio;zlportio;c:\users\UseR\Saved Games\UltraStar Deluxe\zlportio.sys [x]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-04-30 43184]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-01-29 41456]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-02-14 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-02-15 595248]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-02-15 40752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:49]

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:49]

2010-06-25 c:\windows\Tasks\User_Feed_Synchronization-{4CB0668D-0C3B-4AA0-9AF4-ADEA5698541B}.job
- c:\windows\system32\msfeedssync.exe [2008-06-17 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.intl.acer.yahoo.com
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\UseR\AppData\Roaming\Mozilla\Firefox\Profiles\xhlvsqb8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.kleeblatt-forum.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: c:\users\UseR\AppData\Roaming\Mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\users\UseR\AppData\Roaming\Mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: general.useragent.extra.zencast - c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-BitTorrent DNA - c:\users\UseR\Program Files\DNA\btdna.exe
AddRemove-Winamp Detect - g:\winamp detect\UninstWaDetect.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-25 16:13
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1052262869-3660729671-1865004345-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,5a,75,f1,98,7d,2a,ed,74,0d,79,65,d3,41,00,78,5f,5e,ea,1c,6c,0a,17,
   76,ec,0f,83,eb,18,66,c0,5b,ec,d5,5c,45,1f,75,27,03,7e,36,07,8a,a5,46,fb,73,\
"??"=hex:5f,7b,9c,cd,ad,23,34,98,d3,59,d4,2c,fe,6c,26,db

[HKEY_USERS\S-1-5-21-1052262869-3660729671-1865004345-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,43,53,d7,2d,4e,9d,ba,6a,98,3a,21,79,9e,01,89,db,9b,48,d5,7c,
   fb,85,be,c1,24,e2,4c,83,46,53,98,e0,1b,72,c6,0e,83,3c,27,2c,3d,f9,53,32,bb,\
"rkeysecu"=hex:89,02,16,cf,72,14,c1,72,e5,e7,04,b1,4a,95,a4,15

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1768)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2010-06-25  16:20:10
ComboFix-quarantined-files.txt  2010-06-25 14:19

Vor Suchlauf: 14 Verzeichnis(se), 10.198.544.384 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 10.141.466.624 Bytes frei

- - End Of File - - 9D2C5025A762957BD2A701B85C04725C
         

26.06.2010, 12:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Probably caught malware via ICQ, IE now opens by itself



Then try creating logs with GMER and OSAM now. GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just skip it and only run OSAM.
__________________
Please always post logfiles in CODE tags

Last edited by cosinus (26.06.2010 at 12:31)

26.06.2010, 13:51   #13
sebbual

Probably caught malware via ICQ, IE now opens by itself

GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-26 14:21:46
Windows 6.0.6001 Service Pack 1
Running: 8lnbnbjx.exe; Driver: C:\Users\UseR\AppData\Local\Temp\kgtdapob.sys


---- System - GMER 1.0.15 ----

SSDT            9FBB9284                                                                                                             ZwCreateThread
SSDT            9FBB9270                                                                                                             ZwOpenProcess
SSDT            9FBB9275                                                                                                             ZwOpenThread
SSDT            9FBB927F                                                                                                             ZwTerminateProcess

INT 0x52        ?                                                                                                                    88408F00
INT 0x62        ?                                                                                                                    85759BF8
INT 0x72        ?                                                                                                                    85759BF8
INT 0x82        ?                                                                                                                    8575DBF8
INT 0x92        ?                                                                                                                    88408F00
INT 0xA3        ?                                                                                                                    88408F00
INT 0xB2        ?                                                                                                                    88408F00

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                                      82EECB18 4 Bytes  [84, 92, BB, 9F]
.text           ntkrnlpa.exe!KeSetTimerEx + 624                                                                                      82EECCE8 4 Bytes  [70, 92, BB, 9F]
.text           ntkrnlpa.exe!KeSetTimerEx + 640                                                                                      82EECD04 4 Bytes  [75, 92, BB, 9F]
.text           ntkrnlpa.exe!KeSetTimerEx + 854                                                                                      82EECF18 4 Bytes  [7F, 92, BB, 9F]
?               System32\Drivers\spoh.sys                                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                             section is writeable [0x8F607340, 0x3A08F7, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                900F146F 5 Bytes  JMP 884084E0
.text           ak3pesrb.SYS                                                                                                         9055D004 11 Bytes  [88, 87, 7A, 48, 00, 00, 00, ...]
.text           ak3pesrb.SYS                                                                                                         9055D010 1 Byte  [25]
.text           ak3pesrb.SYS                                                                                                         9055D010 6 Bytes  [25, 00, 00, 00, 20, 18]
.text           ak3pesrb.SYS                                                                                                         9055D017 3 Bytes  [00, 20, 0E] {ADD [EAX], AH; PUSH CS}
.text           ak3pesrb.SYS                                                                                                         9055D01C 69 Bytes  [00, 00, 00, 00, 00, 00, 01, ...]
.text           ...                                                                                                                  
                C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                entry point in "" section [0xA3A25000]
.clc            C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                unknown last section [0xA3A26000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[1928] SHELL32.dll!InitNetworkAddressControl + 2939                                           765C0064 4 Bytes  [F0, 1F, 00, 10]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                            [806996D2] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                             [80699040] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                     [806997FC] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                            [806990BE] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                      [8069913C] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [806A9048] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortNotification]                                           488D3675
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortWritePortUchar]                                         F0F28B40
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortWritePortUlong]                                         3331C10F
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                     8480C7C9
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                          DE000000
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                   899055EF
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortReadPortUchar]                                          00008880
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortStallExecution]                                         8C888900
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortGetParentBusType]                                       89000000
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortRequestCallback]                                        00009088
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                  7CC08300
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                   89515052
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortCompleteRequest]                                        10A6E808
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortMoveMemory]                                             06EB0002
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                              FE3AE850
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                 5D5EFFFF
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                   CC0004C2
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortReadPortUshort]                                         51EC8B55
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                   00FC6583
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortInitialize]                                             20BB5653
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortGetDeviceBase]                                          5790583F
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortDeviceStateChange]                                      583FB0BE

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [73EE88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                 [73F298A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                             [73EEB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                       [73EDFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                 [73EE7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [73EDEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [73F1B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                     [73EEBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                             [73EE074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [73EE06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                               [73ED71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                       [73F6D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                          [73F07379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                             [73EDE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                       [73ED697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [73ED69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                         [73EE2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                          [10002300] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]              [10001B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                        [10002690] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                          [10001290] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               857601F8
Device          \Driver\BTHUSB \Device\0000008f                                                                                      bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\netbt \Device\NetBT_Tcpip_{DC6C1383-482A-4263-A545-D05548BD62E1}                                             93E22500

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                 8575B1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                     884321F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                     884331F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                     884321F8
Device          \Driver\PCI_PNP4216 \Device\00000062                                                                                 spoh.sys
Device          \Driver\usbehci \Device\USBPDO-6                                                                                     884331F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                               8575B1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                               8575B1F8
Device          \Driver\cdrom \Device\CdRom0                                                                                         884C81F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                               8575B1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                          8575E1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                   [80CFA580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   8575E1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   8575E1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                        [80CFA580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                                         884C81F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                               8575B1F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                              93E22500
Device          \Driver\BTHUSB \Device\00000091                                                                                      bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\Smb \Device\NetbiosSmb                                                                                       939901F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{62D63F80-07DE-42D6-88C3-EF7713BD9AB9}                                             93E22500
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                   88512350
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                     884321F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                     884331F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                     884321F8
Device          \Driver\sptd \Device\3759958230                                                                                      spoh.sys
Device          \Driver\usbehci \Device\USBFDO-6                                                                                     884331F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{9F4CB8F4-2B33-4E61-99FE-E3D789B06B17}                                             93E22500
Device          \Driver\ak3pesrb \Device\Scsi\ak3pesrb1Port4Path0Target0Lun0                                                         88507408
Device          \Driver\ak3pesrb \Device\Scsi\ak3pesrb1Port4Path0Target0Lun0                                                         sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\ak3pesrb \Device\Scsi\ak3pesrb1                                                                              88507408
Device          \Driver\ak3pesrb \Device\Scsi\ak3pesrb1                                                                              sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \FileSystem\cdfs \Cdfs                                                                                               85FE21F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd61bea                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x1F 0xBB 0x3F 0xDA ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xCB 0xB8 0xE6 0x81 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xDD 0x56 0x97 0xC2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001e4cd61bea (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x1F 0xBB 0x3F 0xDA ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xCB 0xB8 0xE6 0x81 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xDD 0x56 0x97 0xC2 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

[/CODE]

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:48:41 on 26.06.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.4

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"IconPackager" - ? - C:\Program Files\Stardock\Object Desktop\IconPackager\ipcpl.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"ay3itgn9" (ay3itgn9) - "Microsoft Corporation" - C:\Windows\system32\drivers\ay3itgn9.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"catchme" (catchme) - ? - C:\Users\UseR\AppData\Local\Temp\catchme.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"msahci" (msahci) - "Microsoft Corporation" - C:\Windows\System32\drivers\msahci.sys
"NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\Windows\System32\drivers\sfvfs02.sys
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"Wippien Network Adapter 2.4" (wip0204) - "Wippien Software" - C:\Windows\System32\DRIVERS\wip0204.sys
"zlportio" (zlportio) - ? - C:\Users\UseR\Saved Games\UltraStar Deluxe\zlportio.sys  (File not found)
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{41E300E0-78B6-11ce-849B-444553540000} "Display Effects CPL Extension" - "Microsoft Corporation" - C:\Windows\system32\themeui.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
{2CF9036B-F720-425F-918C-03A336A65FC4} "IconPackager Context Menu" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{1799460C-0BC8-4865-B9DF-4A36CD703FF0} "IconPackager Repair" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"ICQ7" - "ICQ, LLC." - C:\Program Files\ICQ7.0\ICQ.exe
"Quick-Launching Area" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? -   (File not found | COM-object registry key not found)
{D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Browser Plug-in" - "Veoh Networks Inc" - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "Egis" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\UseR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ZPdtWzdVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) - "Microsoft Corporation" - C:\Windows\System32\shsvcs.dll
"@%SystemRoot%\System32\shsvcs.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\shsvcs.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe  (File found, but it contains no detailed information)
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Validity Fingerprint Service" (vfsFPService) - "Validity Sensors, Inc." - C:\Windows\system32\vfsFPService.exe
"Winstep Xtreme Service" (Winstep Xtreme Service) - "Winstep Software Technologies" - C:\Program Files\Winstep\WsxService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

26.06.2010, 14:03   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags

27.06.2010, 00:38   #15
sebbual

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4243

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.06.2010 18:09:33
mbam-log-2010-06-26 (18-09-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 355090
Laufzeit: 2 Stunde(n), 58 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
