
Pests of all kinds and how to fight them: win32/renos.MQ


07.08.2010, 18:16   #16
markusg
/// Malware-holic

OK, then try again with ComboFix.

07.08.2010, 18:25   #17
kyorl

ComboFix log no. 2.

ComboFix logfile:
Code:
ComboFix 10-08-06.03 - Shargan 07.08.2010  19:18:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2047.1082 [GMT 2:00]
ausgeführt von:: c:\users\Shargan.Immolatus\Desktop\ComboFix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-07-07 bis 2010-08-07  ))))))))))))))))))))))))))))))
.

2010-08-07 17:22 . 2010-08-07 17:22	--------	d-----w-	c:\users\Shargan.Immolatus\AppData\Local\temp
2010-08-07 17:22 . 2010-08-07 17:22	--------	d-----w-	c:\users\Shargan\AppData\Local\temp
2010-08-07 17:22 . 2010-08-07 17:22	--------	d-----w-	c:\users\SHARGA~1~IMM\AppData\Local\temp
2010-08-07 17:22 . 2010-08-07 17:22	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-08-07 17:22 . 2010-08-07 17:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-07 16:03 . 2010-08-07 16:03	--------	d-----w-	C:\_OTL
2010-08-06 20:49 . 2010-08-06 20:49	47364	----a-w-	c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-03 08:48 . 2010-08-03 08:48	--------	d-----w-	c:\program files\ProtectDisc Driver Installer
2010-07-30 13:02 . 2010-08-06 20:43	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2010-07-30 13:02 . 2010-07-30 13:54	--------	d-----w-	c:\programdata\Blizzard Entertainment
2010-07-28 21:57 . 2010-07-28 21:57	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-18 23:42 . 2010-07-18 23:42	98304	----a-w-	c:\windows\system32CmdLineExt.dll
2010-07-18 23:35 . 2010-07-18 23:35	--------	d-----w-	c:\program files\Common Files\Skype
2010-07-16 01:40 . 2010-07-16 01:42	--------	d-----w-	C:\Lula 3D - Demo

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 16:26 . 2007-11-26 09:14	--------	d-----w-	c:\programdata\NVIDIA
2010-08-07 00:02 . 2009-05-28 00:42	--------	d-----w-	c:\users\Shargan.Immolatus\AppData\Roaming\vlc
2010-08-02 16:09 . 2009-11-18 23:06	--------	d-----w-	c:\users\Shargan.Immolatus\AppData\Roaming\Skype
2010-08-02 14:01 . 2009-11-18 23:07	--------	d-----w-	c:\users\Shargan.Immolatus\AppData\Roaming\skypePM
2010-07-21 00:16 . 2010-07-16 19:52	--------	d-----w-	c:\users\Shargan.Immolatus\AppData\Roaming\DivX
2010-07-21 00:15 . 2009-06-01 12:31	--------	d-----w-	c:\users\Shargan.Immolatus\AppData\Roaming\Winamp
2010-07-18 00:36 . 2010-02-08 02:05	--------	d-----w-	c:\users\Shargan.Immolatus\AppData\Roaming\TS3Client
2010-06-26 00:24 . 2010-04-15 00:31	--------	d-----w-	c:\users\Shargan.Immolatus\AppData\Roaming\EveHQ
2010-06-26 00:24 . 2010-04-15 00:30	--------	d-----w-	c:\program files\EveHQ
2010-06-26 00:22 . 2010-04-17 00:34	25600	----a-w-	c:\users\Shargan.Immolatus\AppData\Roaming\EveHQ\Updater\EveHQPatcher.exe
2010-06-23 19:52 . 2009-06-04 11:25	--------	d-----w-	c:\users\Shargan.Immolatus\AppData\Roaming\Ahead
2010-06-10 14:22 . 2010-02-08 02:05	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2010-06-06 20:18 . 2007-01-22 17:16	618204	----a-w-	c:\windows\system32\perfh007.dat
2010-06-06 20:18 . 2007-01-22 17:16	122442	----a-w-	c:\windows\system32\perfc007.dat
2010-05-21 12:14 . 2009-10-03 09:42	221568	------w-	c:\windows\system32\MpSigStub.exe
2003-12-18 09:33 . 2009-10-14 22:55	20102	----a-w-	c:\program files\Readme.txt
2003-09-03 05:46 . 2009-10-14 22:55	10960	----a-w-	c:\program files\EULA.txt
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-07_16.39.04   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-05-25 19:30 . 2010-08-07 16:06	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-25 19:30 . 2010-08-07 16:26	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-25 19:30 . 2010-08-07 16:26	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-25 19:30 . 2010-08-07 16:06	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-25 19:30 . 2010-08-07 16:26	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-25 19:30 . 2010-08-07 16:06	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-31 17:37 . 2010-08-07 17:12	245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-31 17:37 . 2010-08-07 01:42	245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2009-10-01 16:29	2166296	----a-w-	c:\program files\softonic-de3\tbsoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbu08610\tbcore3.dll" [2009-01-16 2596864]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbu08610\tbcore3.dll" [2009-01-16 2596864]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"AlienFX Controller"="c:\program files\Alienware\Alienware AlienFX\AlienwareAlienFXController.exe" [2007-01-29 327680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\spiele\left4dead\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2805695796-2745399140-4180009984-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11-Drahtlosgerätetreiber;c:\windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-20 721904]
S1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-13 108289]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-08-07 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2009-05-26 07:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.war-europe.com/#/myaccount/?lang=de
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://www.fiaa.eu/OPLauncher.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-07 19:22
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2805695796-2745399140-4180009984-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f8,09,71,c1,43,db,0e,65,3d,a2,6d,3d,0c,4a,a0,00,c8,53,a5,15,6c,e2,d5,
   9c,b2,73,5c,33,8a,9c,81,94,18,6f,3e,ae,e1,f9,ed,b7,f3,13,72,2e,80,9e,5f,73,\
"??"=hex:ae,86,b0,8c,99,81,cf,43,81,e5,8f,7b,aa,38,71,8b

[HKEY_USERS\S-1-5-21-2805695796-2745399140-4180009984-1000\Software\SecuROM\License information*]
"datasecu"=hex:2a,99,c2,9b,91,72,09,5c,5e,4d,d3,25,e8,91,c7,d0,88,13,ee,81,5b,
   01,9d,4c,76,a9,f9,35,19,4b,d4,0b,1b,5c,be,48,46,04,92,be,87,d1,d2,ff,8e,aa,\
"rkeysecu"=hex:3c,46,92,60,16,08,a3,6e,68,da,16,97,a8,28,3c,37

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2010-08-07  19:24:17
ComboFix-quarantined-files.txt  2010-08-07 17:24

Vor Suchlauf: 16 Verzeichnis(se), 82.615.521.280 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 82.588.176.384 Bytes frei

- - End Of File - - 5CDE3E7C90662E8121B85399AEFB6684
         
--- --- ---


07.08.2010, 18:28   #18
markusg
/// Malware-holic

Were you actually able to upload the file to us?

07.08.2010, 18:30   #19
kyorl

Oh. No, I haven't tried that yet. By the way, since the first ComboFix run I haven't received any more alerts from Defender, which had found the trojan (previously every 10 min).

07.08.2010, 18:32   #20
markusg
/// Malware-holic

Yes, please just work through everything in the order I said, or as I say it.
The upload apparently isn't working at the moment.
File-Upload.net
Upload it there and send me the download link as a private message.


07.08.2010, 18:35   #21
kyorl

I'm a bit scattered again.

07.08.2010, 18:40   #22
markusg
/// Malware-holic

OK, now Windows updates first.
Please install Service Pack 2 and all the other important updates.

07.08.2010, 18:43   #23
kyorl

That may take a little while; it's only 86 MB, but I have DSL light.

07.08.2010, 19:03   #24
markusg
/// Malware-holic

No rush. But Windows updates really are important; the PC should stay malware-free after all :-)

07.08.2010, 19:13   #25
kyorl

Sooo, done. What's next?

07.08.2010, 19:20   #26
markusg
/// Malware-holic

Please post a new OTL.txt: open OTL and click Scan. Only OTL.txt please; Extra.txt is not needed.

07.08.2010, 19:25   #27
kyorl

Soo
OTL logfile:
Code:
OTL logfile created on: 07.08.2010 20:23:04 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Shargan.Immolatus\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,53 Gb Total Space | 74,74 Gb Free Space | 16,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465,76 Gb Total Space | 192,23 Gb Free Space | 41,27% Space Free | Partition Type: NTFS
 
Computer Name: IMMOLATUS
Current User Name: Shargan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Shargan.Immolatus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Alienware\Alienware AlienFX\AlienwareAlienFXController.exe (Alienware Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Shargan.Immolatus\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (DAUpdaterSvc) -- C:\spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\SHARGA~1.IMM\AppData\Local\Temp\catchme.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (PStrip) -- C:\Windows\System32\drivers\pstrip.sys (EnTech Taiwan)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Warhammer Online
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 DD 29 5C 16 E2 C9 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2010.08.07 18:39:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (TBSB00982 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Antbar\Ant.com Toolbar\tbu08610\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Programme\Antbar\Ant.com Toolbar\tbu08610\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Programme\Antbar\Ant.com Toolbar\tbu08610\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Alienware AlienFX\AlienwareAlienFXController.exe (Alienware Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} hxxp://www.fiaa.eu/OPLauncher.cab (Perparer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.07 19:58:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.08.07 19:53:50 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.08.07 19:52:58 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.08.07 19:52:58 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.08.07 19:52:58 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.08.07 19:49:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.07 19:49:13 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.07 19:49:13 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.07 19:49:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.07 19:49:13 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.07 19:49:13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.07 19:49:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.07 19:49:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.07 19:49:13 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.07 19:49:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.07 19:49:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.07 19:49:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.07 19:49:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.07 19:49:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.07 19:49:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.07 19:47:42 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.08.07 19:47:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.08.07 19:47:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.08.07 19:47:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.08.07 19:47:15 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.07 19:47:14 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.07 19:47:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.08.07 19:46:37 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.08.07 19:46:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.08.07 19:46:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.08.07 19:46:34 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.08.07 19:46:32 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.07 19:46:31 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.08.07 19:45:26 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.08.07 19:43:58 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.07 19:43:56 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.08.07 19:43:56 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.08.07 19:43:56 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.08.07 19:43:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.08.07 19:43:45 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.08.07 19:43:45 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.08.07 19:24:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.07 19:24:18 | 000,000,000 | ---D | C] -- C:\Users\Shargan.Immolatus\AppData\Local\temp
[2010.08.07 19:23:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.07 19:17:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.08.07 19:17:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.07 18:28:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.07 18:28:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.07 18:28:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.07 18:28:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.07 18:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010.08.07 18:18:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.07 18:03:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.07 16:18:30 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Shargan.Immolatus\Desktop\OTL.exe
[2010.08.03 10:48:58 | 000,000,000 | ---D | C] -- C:\Programme\ProtectDisc Driver Installer
[2010.07.30 23:53:21 | 705,764,427 | ---- | C] (Macrovision Corporation) -- C:\Users\Shargan.Immolatus\Desktop\setup-1.46.0.3.exe
[2010.07.30 15:02:16 | 000,000,000 | ---D | C] -- C:\Users\Shargan.Immolatus\Documents\StarCraft II
[2010.07.30 15:02:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2010.07.30 15:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.07.19 01:42:22 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\system32CmdLineExt.dll
[2010.07.19 01:35:21 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.07.16 21:52:31 | 000,000,000 | ---D | C] -- C:\Users\Shargan.Immolatus\AppData\Roaming\DivX
[2010.07.16 21:52:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.07.16 21:46:33 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.07.16 21:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.07.16 03:40:59 | 000,000,000 | ---D | C] -- C:\Lula 3D - Demo
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.07 20:23:15 | 002,621,440 | -HS- | M] () -- C:\Users\Shargan.Immolatus\ntuser.dat
[2010.08.07 20:11:39 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2010.08.07 20:11:03 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.07 20:10:58 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.07 20:10:58 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.07 20:10:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.07 20:10:20 | 000,235,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.07 20:10:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.07 20:09:46 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.07 20:08:27 | 000,524,288 | -HS- | M] () -- C:\Users\Shargan.Immolatus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 20:08:27 | 000,065,536 | -HS- | M] () -- C:\Users\Shargan.Immolatus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.07 20:06:58 | 004,755,424 | -H-- | M] () -- C:\Users\Shargan.Immolatus\AppData\Local\IconCache.db
[2010.08.07 19:56:15 | 001,462,296 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.07 19:56:15 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.07 19:56:15 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.07 19:56:15 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.07 19:56:15 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.07 19:40:43 | 000,391,256 | ---- | M] () -- C:\_OTL.rar
[2010.08.07 19:22:21 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.07 19:10:33 | 000,000,020 | ---- | M] () -- C:\Users\Shargan.Immolatus\defogger_reenable
[2010.08.07 18:39:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.07 18:09:55 | 003,816,629 | R--- | M] () -- C:\Users\Shargan.Immolatus\Desktop\ComboFix.exe
[2010.08.07 16:18:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Shargan.Immolatus\Desktop\OTL.exe
[2010.08.07 15:56:14 | 000,108,032 | ---- | M] () -- C:\Users\Shargan.Immolatus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.03 11:27:13 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000E3E.LCS
[2010.07.30 23:55:04 | 705,764,427 | ---- | M] (Macrovision Corporation) -- C:\Users\Shargan.Immolatus\Desktop\setup-1.46.0.3.exe
[2010.07.30 18:25:43 | 000,524,288 | -HS- | M] () -- C:\Users\Shargan.Immolatus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.26 20:35:12 | 365,320,192 | ---- | M] () -- C:\Users\Shargan.Immolatus\Desktop\lots-s02e16.avi
[2010.07.21 02:16:09 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.19 01:42:22 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\system32CmdLineExt.dll
[2010.07.18 23:12:53 | 367,532,032 | ---- | M] () -- C:\Users\Shargan.Immolatus\Desktop\lots-s02e15.avi
 
========== Files Created - No Company Name ==========
 
[2010.08.07 20:11:38 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2010.08.07 19:31:06 | 000,391,256 | ---- | C] () -- C:\_OTL.rar
[2010.08.07 19:10:23 | 000,000,020 | ---- | C] () -- C:\Users\Shargan.Immolatus\defogger_reenable
[2010.08.07 18:28:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.07 18:28:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.07 18:28:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.07 18:28:54 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.07 18:28:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.07 18:09:51 | 003,816,629 | R--- | C] () -- C:\Users\Shargan.Immolatus\Desktop\ComboFix.exe
[2010.08.07 03:57:28 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.29 13:36:13 | 365,320,192 | ---- | C] () -- C:\Users\Shargan.Immolatus\Desktop\lots-s02e16.avi
[2010.07.28 22:53:23 | 367,532,032 | ---- | C] () -- C:\Users\Shargan.Immolatus\Desktop\lots-s02e15.avi
[2010.07.21 02:50:18 | 047,904,532 | ---- | C] () -- C:\Users\Shargan.Immolatus\Desktop\WAR_Cinematic2_640x360.wmv
[2010.07.21 02:50:11 | 038,054,556 | ---- | C] () -- C:\Users\Shargan.Immolatus\Desktop\WAR_cinematic_640x360.wmv
[2010.02.09 16:58:54 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.15 01:58:55 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.09.24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.08.06 01:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009.06.28 21:38:01 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.06.10 21:40:29 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.06.10 21:40:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.29 19:27:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.10.28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 749 bytes -> C:\Users\Shargan.Immolatus\Documents\Bestellung vom 29_10_2009, Grundlagen des Westernreitens_Verena.eml:OECustomProperty
< End of report >
         

Old 07.08.2010, 19:30   #28
markusg
/// Malware-holic

You still have Service Pack 1. Keep visiting the Windows Update page until no more important updates are offered, then please post a new otl.txt.

Old 07.08.2010, 19:48   #29
kyorl

OK, I'm now on the 3rd run and it needs 300 MB (SP2), so it'll probably be late tonight. Thanks already for your great help; I'll get back to you tomorrow ^^

Old 07.08.2010, 20:04   #30
markusg
/// Malware-holic

Yeah, SP2 is a bit big; it also depends on how many updates you installed beforehand. Once SP2 is installed, keep updating until nothing more is offered.
But I think we'll be done tomorrow. Looks good so far.
