| |
| |||||||
Log-Analyse und Auswertung: habe von der telekom ein brief bekommen, sind trojaner auf mein pc?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
15.08.2010, 03:49
| #1 |
 |  habe von der telekom ein brief bekommen, sind trojaner auf mein pc? Hi ihr lieben helfer von trojaner board. Gestern hab ich ein brief von der telekom erhalten das ich angeblich schadhaften code von meinem pc aus versende wovon ich aber nichts weiß o.O frage ist nun hab ich schädlichen code auf meinem pc wenn die mich anschreiben?? Die haben gesagt sie haben meine Email funktion eingeschränkt das man nur noch empfangen kann aber nix mehr raussenden kann. Die haben mir irgendsoein Northon 360 vorgeschlagen. Kam mir fast wie werbung vor, aber ich will auf nummer sicher gehen denn wenn es ernst ist können die vlt. auch mein Internet zugang schließen wegen trojaner versenden? Danke für eure antworten, ich schick am besten gleiche einen highjackthis log mit euer farthecry Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 04:44:51, on 15.08.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Opera\Opera.exe C:\Windows\system32\DllHost.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" O4 - HKCU\..\Run: [{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1}] C:\Users\Standard\AppData\Roaming\Ivga\efik.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak Inc - C:\Program Files\Systweak\Systweak CacheBoost\cbsrv.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Unknown owner - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 6525 bytes |
|
15.08.2010, 09:49
| #2 |
  | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? Hi,
__________________online bei Virustotal.com prüfen lassen: Code:
ATTFilter C:\Users\Standard\AppData\Roaming\Ivga\efik.exe
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
chris
__________________ |
|
15.08.2010, 21:38
| #3 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? hilfe ich habe die datei efik.exe scannen lassen bei virustotal.com
__________________und habe ein erschreckendes Ergebnis erhalten?! Code:
ATTFilter File name: efik.exe
Submission date: 2010-08-15 20:35:01 (UTC)
Current status: queued (#4) queued analysing finished
Result: 20/ 42 (47.6%)
VT Community
not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2010.08.15.01 2010.08.15 Win-Trojan/Fakeav.165376.AK
AntiVir 8.2.4.34 2010.08.15 -
Antiy-AVL 2.0.3.7 2010.08.11 Trojan/Win32.Jorik.gen
Authentium 5.2.0.5 2010.08.15 -
Avast 4.8.1351.0 2010.08.15 Win32:Spyware-gen
Avast5 5.0.332.0 2010.08.15 Win32:Spyware-gen
AVG 9.0.0.851 2010.08.15 Generic18.ACRT
BitDefender 7.2 2010.08.15 Backdoor.Bot.125058
CAT-QuickHeal 11.00 2010.08.14 -
ClamAV 0.96.0.3-git 2010.08.15 -
Comodo 5750 2010.08.15 -
DrWeb 5.0.2.03300 2010.08.15 Trojan.Packed.20538
Emsisoft 5.0.0.37 2010.08.15 Trojan.Win32.Jorik.Zbot.c!A2
eSafe 7.0.17.0 2010.08.15 -
eTrust-Vet 36.1.7790 2010.08.13 -
F-Prot 4.6.1.107 2010.08.14 -
F-Secure 9.0.15370.0 2010.08.15 Backdoor.Bot.125058
Fortinet 4.1.143.0 2010.08.15 -
GData 21 2010.08.15 Backdoor.Bot.125058
Ikarus T3.1.1.88.0 2010.08.15 -
Jiangmin 13.0.900 2010.08.15 Trojan/Jorik.ho
Kaspersky 7.0.0.125 2010.08.15 Trojan.Win32.Jorik.Zbot.c
McAfee 5.400.0.1158 2010.08.15 -
McAfee-GW-Edition 2010.1 2010.08.15 -
Microsoft 1.6004 2010.08.15 PWS:Win32/Zbot
NOD32 5368 2010.08.15 Win32/Spy.Zbot.YW
Norman 6.05.11 2010.08.15 -
nProtect 2010-08-15.01 2010.08.15 Trojan/W32.Jorik.165376
Panda 10.0.2.7 2010.08.15 Trj/Downloader.MDW
PCTools 7.0.3.5 2010.08.15 -
Prevx 3.0 2010.08.15 High Risk Cloaked Malware
Rising 22.60.06.04 2010.08.15 -
Sophos 4.56.0 2010.08.15 Mal/FakeAV-CH
Sunbelt 6738 2010.08.15 -
SUPERAntiSpyware 4.40.0.1006 2010.08.15 -
Symantec 20101.1.1.7 2010.08.15 -
TheHacker 6.5.2.1.348 2010.08.15 Trojan/Jorik.Zbot.c
TrendMicro 9.120.0.1004 2010.08.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.15 -
VBA32 3.12.14.0 2010.08.13 -
ViRobot 2010.8.9.3978 2010.08.15 -
VirusBuster 5.0.27.0 2010.08.15 TrojanSpy.Zbot.AEYN
2. scan mit OTL : Code:
ATTFilter OTL logfile created on: 15.08.2010 22:39:43 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Standard\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,90 Gb Total Space | 71,30 Gb Free Space | 32,87% Space Free | Partition Type: NTFS Drive D: | 106,45 Gb Total Space | 105,54 Gb Free Space | 99,15% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: STANDARD-PC Current User Name: Standard Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.15 22:39:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Downloads\OTL.exe PRC - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe PRC - [2010.06.15 17:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2010.05.17 13:14:12 | 002,345,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.14 15:03:48 | 000,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE PRC - [2008.10.14 15:03:40 | 000,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE PRC - [2008.10.14 15:03:36 | 000,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE PRC - [2008.10.14 15:03:36 | 000,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE PRC - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe ========== Modules (SafeList) ========== MOD - [2010.08.15 22:39:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Downloads\OTL.exe MOD - [2010.06.15 17:50:00 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2009.03.30 06:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll MOD - [2009.03.30 06:42:16 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcp80.dll MOD - [2008.07.26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll MOD - [2008.01.18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2010.08.10 22:42:12 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.05.06 11:29:10 | 000,120,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2009.05.06 11:29:10 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\aspnet_state.exe -- (aspnet_state) SRV - [2009.05.06 09:08:16 | 000,104,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe -- (clr_optimization_v4.0.20506_32) SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.10.14 15:03:40 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA) SRV - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2008.03.09 13:54:58 | 000,187,120 | ---- | M] (Systweak Inc) [Auto | Stopped] -- C:\Program Files\Systweak\Systweak CacheBoost\cbsrv.exe -- (CacheBoost Service) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.06.15 17:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2010.01.12 06:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.10.19 18:03:41 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.10.19 18:03:40 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.08.23 01:16:26 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09) DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.07 21:06:26 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.07.26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.01.18 23:41:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 01:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2007.07.18 19:32:40 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt) DRV - [2007.03.26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.09.05 19:59:18 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdm.sys -- (se58mdm) DRV - [2006.09.05 19:59:14 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdfl.sys -- (se58mdfl) DRV - [2006.09.05 19:58:26 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 2B 1D 76 75 06 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6 FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.6 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105 FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.6.0.15 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\ [2009.09.11 14:23:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.08.14 21:47:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.23 14:17:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.13 09:11:14 | 000,000,000 | ---D | M] [2009.03.28 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions [2009.03.28 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.08.14 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions [2009.09.03 20:09:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.15 04:57:47 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509} [2009.11.19 22:17:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.14 23:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.07.21 06:34:01 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010.08.14 21:18:06 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2009.05.16 02:15:26 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\moveplayer@movenetworks.com [2009.11.23 21:44:03 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\searchrecs@veoh.com [2010.06.06 03:42:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com [2010.05.17 14:32:00 | 000,002,253 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\askcom.xml [2009.04.08 23:54:53 | 000,000,440 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\daemon-search.xml [2010.08.08 00:37:48 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-1.xml [2009.11.18 05:19:16 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-2.xml [2009.12.20 05:36:08 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-3.xml [2010.01.08 06:22:30 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-4.xml [2010.02.18 21:48:52 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-5.xml [2010.04.03 02:03:14 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-6.xml [2010.05.17 14:31:54 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-7.xml [2010.07.14 23:43:00 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-8.xml [2010.07.14 23:42:52 | 000,000,168 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.gif [2010.07.14 23:42:52 | 000,000,618 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.src [2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.xml [2010.08.14 21:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009.09.09 11:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2010.07.23 14:17:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.23 14:17:50 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.07.23 14:17:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.23 14:17:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.23 14:17:50 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.08 01:32:24 | 000,403,666 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13964 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1}] C:\Users\Standard\AppData\Roaming\Ivga\efik.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun O33 - MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found O33 - MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun O33 - MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = M:\RunGame.exe -- File not found O33 - MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun O33 - MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = N:\Autorun.exe -- File not found O33 - MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\Shell - "" = AutoRun O33 - MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\Shell\AutoRun\command - "" = O:\autorun.exe -- File not found O33 - MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.14 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\ForceField Shared Files [2010.08.14 21:19:04 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\CheckPoint [2010.08.14 21:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.08.14 21:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm-Sicherheit [2010.08.14 21:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2010.08.14 21:17:29 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll [2010.08.14 21:17:25 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll [2010.08.14 21:16:59 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2010.08.14 21:16:26 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll [2010.08.14 21:16:26 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll [2010.08.14 21:16:19 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll [2010.08.14 21:16:14 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll [2010.08.14 21:16:14 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll [2010.08.14 21:16:13 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll [2010.08.14 21:16:13 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll [2010.08.14 21:16:12 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll [2010.08.14 21:15:56 | 000,457,304 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys [2010.08.14 21:15:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs [2010.08.14 21:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2010.08.14 21:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2010.08.14 21:15:29 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll [2010.08.14 21:15:29 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.08.14 21:15:28 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll [2010.08.13 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Neuer Ordner [2010.08.12 21:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2010.08.12 21:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010.08.12 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010.08.11 00:42:00 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.11 00:42:00 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.11 00:42:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.11 00:42:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.11 00:42:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.11 00:42:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.11 00:41:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.11 00:41:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.11 00:41:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.11 00:41:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.11 00:41:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.11 00:41:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.11 00:41:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.11 00:41:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.11 00:41:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.11 00:41:56 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.11 00:41:44 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.11 00:41:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.11 00:41:22 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.11 00:41:22 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.10 22:49:03 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\2K Games [2010.08.10 22:48:37 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2010.08.10 22:48:37 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2010.08.10 22:48:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2010.08.10 22:48:37 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2010.08.10 22:48:37 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2010.08.10 22:48:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2010.08.10 22:48:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2010.08.10 22:48:36 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2010.08.10 22:48:36 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2010.08.10 22:48:36 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2010.08.10 22:48:36 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2010.08.10 22:48:36 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2010.08.10 22:48:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2010.08.10 22:48:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2010.08.10 22:48:36 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2010.08.10 22:48:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2010.08.10 22:48:35 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2010.08.10 22:48:33 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2010.08.10 22:48:31 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2010.08.10 22:48:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2010.08.10 22:48:31 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2010.08.10 22:39:56 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\MafiaIIDemo [2010.08.10 22:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam [2010.08.10 22:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2010.08.09 20:26:07 | 001,279,192 | ---- | C] (IObit ) -- C:\Users\Standard\Desktop\gamebooster_151.exe [2010.08.05 04:40:12 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\neuuu [2010.07.31 02:52:31 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\.purple [2010.07.31 02:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin [2010.07.25 02:47:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2010.07.24 22:55:59 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2010.07.24 22:20:00 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Rockstar Games [2010.07.22 00:47:06 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\astragon Software GmbH [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.15 22:42:56 | 008,650,752 | ---- | M] () -- C:\Users\Standard\ntuser.dat [2010.08.15 21:25:16 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.08.15 21:25:16 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.08.15 21:24:46 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job [2010.08.15 21:24:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.15 21:24:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.15 21:24:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.15 21:24:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.15 21:23:47 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys [2010.08.15 10:51:35 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{dc609bfd-582a-11df-b860-dbde0ba0b6e5}.TMContainer00000000000000000001.regtrans-ms [2010.08.15 10:51:35 | 000,065,536 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{dc609bfd-582a-11df-b860-dbde0ba0b6e5}.TM.blf [2010.08.15 10:51:25 | 005,148,992 | -H-- | M] () -- C:\Users\Standard\AppData\Local\IconCache.db [2010.08.14 21:19:28 | 000,421,442 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.08.14 21:17:32 | 000,000,877 | ---- | M] () -- C:\Users\Standard\Desktop\ZoneAlarm Security.lnk [2010.08.14 21:17:31 | 000,005,977 | ---- | M] () -- C:\Windows\System32\vsconfig.xml [2010.08.14 21:13:54 | 048,045,056 | ---- | M] () -- C:\Users\Standard\Desktop\zaSetup_92_058_000_de.exe [2010.08.13 22:55:20 | 001,650,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.13 22:55:20 | 000,705,786 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.13 22:55:20 | 000,668,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.13 22:55:20 | 000,152,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.13 22:55:20 | 000,127,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.12 21:22:08 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.08.12 21:22:08 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.08.12 19:45:39 | 000,423,073 | ---- | M] () -- C:\Users\Standard\Desktop\mafia2.time.freez.rar [2010.08.11 21:58:49 | 002,243,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.10 22:44:26 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.08.10 22:27:02 | 001,598,976 | ---- | M] () -- C:\Users\Standard\Desktop\SteamInstall.msi [2010.08.10 13:58:25 | 001,037,617 | ---- | M] () -- C:\Users\Standard\Desktop\MafiaII.exe [2010.08.09 20:26:56 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.08.09 20:26:56 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk [2010.08.09 20:26:13 | 001,279,192 | ---- | M] (IObit ) -- C:\Users\Standard\Desktop\gamebooster_151.exe [2010.08.09 20:25:43 | 000,260,400 | ---- | M] () -- C:\Users\Standard\Desktop\SoftonicDownloader80984.exe [2010.08.08 22:29:35 | 000,053,248 | ---- | M] () -- C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.03 04:42:47 | 000,000,218 | ---- | M] () -- C:\Users\Standard\.recently-used.xbel [2010.07.24 22:55:59 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2010.07.23 20:14:42 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.14 21:17:32 | 000,000,877 | ---- | C] () -- C:\Users\Standard\Desktop\ZoneAlarm Security.lnk [2010.08.14 21:17:31 | 000,005,977 | ---- | C] () -- C:\Windows\System32\vsconfig.xml [2010.08.14 21:15:56 | 000,421,442 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.08.14 21:13:52 | 048,045,056 | ---- | C] () -- C:\Users\Standard\Desktop\zaSetup_92_058_000_de.exe [2010.08.12 21:22:08 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.08.12 21:22:08 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.08.12 19:40:37 | 001,037,617 | ---- | C] () -- C:\Users\Standard\Desktop\MafiaII.exe [2010.08.12 04:47:37 | 000,423,073 | ---- | C] () -- C:\Users\Standard\Desktop\mafia2.time.freez.rar [2010.08.10 22:27:48 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2010.08.10 22:26:53 | 001,598,976 | ---- | C] () -- C:\Users\Standard\Desktop\SteamInstall.msi [2010.08.09 20:26:56 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.08.09 20:26:56 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk [2010.08.09 20:25:43 | 000,260,400 | ---- | C] () -- C:\Users\Standard\Desktop\SoftonicDownloader80984.exe [2010.08.03 04:42:47 | 000,000,218 | ---- | C] () -- C:\Users\Standard\.recently-used.xbel [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.10.19 18:03:40 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.10.19 18:03:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.09.17 02:02:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.04.07 21:06:26 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.03.18 18:42:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll [2009.03.17 17:31:23 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2008.07.26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2007.10.18 13:56:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007.10.18 13:56:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.10.18 13:46:46 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll [2007.10.12 01:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 72 bytes -> C:\Windows:4F9666BB02E53299 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6CC69D3C @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:18AE7C5A < End of report > Geändert von Farthecry (15.08.2010 um 21:45 Uhr) |
|
16.08.2010, 14:36
| #4 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? was soll ich nun tun? Bitte helft mir, wir wissen ja nun welche datei der virus oder trojaner ist, soll ich die löschen? was soll ich machen  ich glaube wenn man länger wartet arbeitet der virus sich ins system besser rein oder?mfg farthecry Anti malware scan: Funde 5 . Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4435
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
16.08.2010 15:49:53
mbam-log-2010-08-16 (15-49-53).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148283
Laufzeit: 6 Minute(n), 0 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{427d3f2c-68ef-bd1e-d392-1becb0dd60b1} (Trojan.ZbotR.Gen) -> Delete on reboot.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Windows\System32\homepage.txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Standard\AppData\Roaming\Ivga\efik.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
Geändert von Farthecry (16.08.2010 um 14:50 Uhr) Grund: hab was vergessen |
|
16.08.2010, 14:49
| #5 |
| /// Malware-holic | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? nein, nichts löschen und auf antwort deines helfers warten. |
|
16.08.2010, 18:03
| #6 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? Hi, bitte noch mal ein neues OTL-Log (nach dem MAM-Lauf). In MAM nichts löschen lassen, nur in Quarantäne verschieben! Hast du ein packprogramm wie winzip, 7zip izarc? Wir müssen das Verzeichnis von MAM unter benutzer\du\appdata\roaming\malewarebytes\quarantäne packen und hier im uploadchannel (http://www.trojaner-board.de/54791-a...ner-board.html) mal hochladen... eventuell kommt nacher noch was dazu... chris
__________________ --> habe von der telekom ein brief bekommen, sind trojaner auf mein pc? Geändert von Chris4You (16.08.2010 um 18:17 Uhr) |
|
16.08.2010, 18:27
| #7 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? 2.Scan mit OTL nach dem MAM durchgeführt wurde. Code:
ATTFilter OTL logfile created on: 16.08.2010 19:23:06 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Standard\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,90 Gb Total Space | 70,80 Gb Free Space | 32,64% Space Free | Partition Type: NTFS Drive D: | 106,45 Gb Total Space | 105,54 Gb Free Space | 99,15% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: STANDARD-PC Current User Name: Standard Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.15 22:39:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Downloads\OTL.exe PRC - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe PRC - [2010.06.15 17:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2010.05.17 13:14:12 | 002,345,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.14 15:03:48 | 000,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE PRC - [2008.10.14 15:03:40 | 000,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE PRC - [2008.10.14 15:03:36 | 000,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE PRC - [2008.10.14 15:03:36 | 000,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE PRC - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe ========== Modules (SafeList) ========== MOD - [2010.08.15 22:39:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Downloads\OTL.exe MOD - [2010.06.15 17:50:00 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2009.03.30 06:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll MOD - [2009.03.30 06:42:16 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcp80.dll MOD - [2008.07.26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll MOD - [2008.01.18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2010.08.10 22:42:12 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.05.06 11:29:10 | 000,120,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2009.05.06 11:29:10 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\aspnet_state.exe -- (aspnet_state) SRV - [2009.05.06 09:08:16 | 000,104,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe -- (clr_optimization_v4.0.20506_32) SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.10.14 15:03:40 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA) SRV - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2008.03.09 13:54:58 | 000,187,120 | ---- | M] (Systweak Inc) [Auto | Stopped] -- C:\Program Files\Systweak\Systweak CacheBoost\cbsrv.exe -- (CacheBoost Service) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.06.15 17:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2010.01.12 06:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.10.19 18:03:41 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.10.19 18:03:40 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.08.23 01:16:26 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09) DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.07 21:06:26 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.07.26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.01.18 23:41:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 01:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2007.07.18 19:32:40 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt) DRV - [2007.03.26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.09.05 19:59:18 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdm.sys -- (se58mdm) DRV - [2006.09.05 19:59:14 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdfl.sys -- (se58mdfl) DRV - [2006.09.05 19:58:26 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 2B 1D 76 75 06 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6 FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.6 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105 FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\ [2009.09.11 14:23:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.08.14 21:47:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.23 14:17:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.13 09:11:14 | 000,000,000 | ---D | M] [2009.03.28 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions [2009.03.28 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.08.15 22:41:40 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions [2009.09.03 20:09:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.15 04:57:47 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509} [2009.11.19 22:17:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.14 23:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.07.21 06:34:01 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010.08.14 21:18:06 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2009.05.16 02:15:26 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\moveplayer@movenetworks.com [2009.11.23 21:44:03 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\searchrecs@veoh.com [2010.06.06 03:42:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com [2010.05.17 14:32:00 | 000,002,253 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\askcom.xml [2010.06.15 00:31:50 | 000,000,943 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\conduit.xml [2009.04.08 23:54:53 | 000,000,440 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\daemon-search.xml [2010.08.15 22:51:28 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-1.xml [2009.11.18 05:19:16 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-2.xml [2009.12.20 05:36:08 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-3.xml [2010.01.08 06:22:30 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-4.xml [2010.02.18 21:48:52 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-5.xml [2010.04.03 02:03:14 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-6.xml [2010.05.17 14:31:54 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-7.xml [2010.07.14 23:43:00 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-8.xml [2010.07.14 23:42:52 | 000,000,168 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.gif [2010.07.14 23:42:52 | 000,000,618 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.src [2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.xml [2010.08.14 21:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009.09.09 11:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2010.07.23 14:17:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.23 14:17:50 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.07.23 14:17:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.23 14:17:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.23 14:17:50 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.08 01:32:24 | 000,403,666 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13964 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1}] C:\Users\Standard\AppData\Roaming\Ivga\efik.exe File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun O33 - MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found O33 - MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun O33 - MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = M:\RunGame.exe -- File not found O33 - MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun O33 - MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = N:\Autorun.exe -- File not found O33 - MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\Shell - "" = AutoRun O33 - MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\Shell\AutoRun\command - "" = O:\autorun.exe -- File not found O33 - MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.14 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\ForceField Shared Files [2010.08.14 21:19:04 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\CheckPoint [2010.08.14 21:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.08.14 21:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm-Sicherheit [2010.08.14 21:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2010.08.14 21:17:29 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll [2010.08.14 21:17:25 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll [2010.08.14 21:16:59 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2010.08.14 21:16:26 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll [2010.08.14 21:16:26 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll [2010.08.14 21:16:19 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll [2010.08.14 21:16:14 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll [2010.08.14 21:16:14 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll [2010.08.14 21:16:13 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll [2010.08.14 21:16:13 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll [2010.08.14 21:16:12 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll [2010.08.14 21:15:56 | 000,457,304 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys [2010.08.14 21:15:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs [2010.08.14 21:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2010.08.14 21:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2010.08.14 21:15:29 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll [2010.08.14 21:15:29 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.08.14 21:15:28 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll [2010.08.13 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Neuer Ordner [2010.08.12 21:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2010.08.12 21:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010.08.12 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010.08.11 00:42:00 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.11 00:42:00 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.11 00:42:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.11 00:42:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.11 00:42:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.11 00:42:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.11 00:41:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.11 00:41:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.11 00:41:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.11 00:41:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.11 00:41:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.11 00:41:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.11 00:41:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.11 00:41:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.11 00:41:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.11 00:41:56 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.11 00:41:44 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.11 00:41:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.11 00:41:22 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.11 00:41:22 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.10 22:49:03 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\2K Games [2010.08.10 22:48:37 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2010.08.10 22:48:37 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2010.08.10 22:48:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2010.08.10 22:48:37 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2010.08.10 22:48:37 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2010.08.10 22:48:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2010.08.10 22:48:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2010.08.10 22:48:36 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2010.08.10 22:48:36 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2010.08.10 22:48:36 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2010.08.10 22:48:36 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2010.08.10 22:48:36 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2010.08.10 22:48:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2010.08.10 22:48:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2010.08.10 22:48:36 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2010.08.10 22:48:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2010.08.10 22:48:35 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2010.08.10 22:48:33 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2010.08.10 22:48:31 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2010.08.10 22:48:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2010.08.10 22:48:31 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2010.08.10 22:39:56 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\MafiaIIDemo [2010.08.10 22:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam [2010.08.10 22:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2010.08.09 20:26:07 | 001,279,192 | ---- | C] (IObit ) -- C:\Users\Standard\Desktop\gamebooster_151.exe [2010.08.05 04:40:12 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\neuuu [2010.07.31 02:52:31 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\.purple [2010.07.31 02:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin [2010.07.25 02:47:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2010.07.24 22:55:59 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2010.07.24 22:20:00 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Rockstar Games [2010.07.22 00:47:06 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\astragon Software GmbH [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.16 19:25:22 | 008,650,752 | ---- | M] () -- C:\Users\Standard\ntuser.dat [2010.08.16 18:43:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.16 18:43:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.16 16:44:34 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.08.16 16:44:34 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.08.16 16:44:05 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job [2010.08.16 16:44:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.16 16:43:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.16 16:43:50 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys [2010.08.16 16:42:52 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{dc609bfd-582a-11df-b860-dbde0ba0b6e5}.TMContainer00000000000000000001.regtrans-ms [2010.08.16 16:42:52 | 000,065,536 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{dc609bfd-582a-11df-b860-dbde0ba0b6e5}.TM.blf [2010.08.16 16:42:51 | 005,057,272 | -H-- | M] () -- C:\Users\Standard\AppData\Local\IconCache.db [2010.08.16 15:42:00 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.14 21:19:28 | 000,421,442 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.08.14 21:17:32 | 000,000,877 | ---- | M] () -- C:\Users\Standard\Desktop\ZoneAlarm Security.lnk [2010.08.14 21:17:31 | 000,005,977 | ---- | M] () -- C:\Windows\System32\vsconfig.xml [2010.08.14 21:13:54 | 048,045,056 | ---- | M] () -- C:\Users\Standard\Desktop\zaSetup_92_058_000_de.exe [2010.08.13 22:55:20 | 001,650,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.13 22:55:20 | 000,705,786 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.13 22:55:20 | 000,668,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.13 22:55:20 | 000,152,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.13 22:55:20 | 000,127,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.12 21:22:08 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.08.12 21:22:08 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.08.12 19:45:39 | 000,423,073 | ---- | M] () -- C:\Users\Standard\Desktop\mafia2.time.freez.rar [2010.08.11 21:58:49 | 002,243,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.10 22:44:26 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.08.10 22:27:02 | 001,598,976 | ---- | M] () -- C:\Users\Standard\Desktop\SteamInstall.msi [2010.08.10 13:58:25 | 001,037,617 | ---- | M] () -- C:\Users\Standard\Desktop\MafiaII.exe [2010.08.09 20:26:56 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.08.09 20:26:56 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk [2010.08.09 20:26:13 | 001,279,192 | ---- | M] (IObit ) -- C:\Users\Standard\Desktop\gamebooster_151.exe [2010.08.09 20:25:43 | 000,260,400 | ---- | M] () -- C:\Users\Standard\Desktop\SoftonicDownloader80984.exe [2010.08.08 22:29:35 | 000,053,248 | ---- | M] () -- C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.03 04:42:47 | 000,000,218 | ---- | M] () -- C:\Users\Standard\.recently-used.xbel [2010.07.24 22:55:59 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2010.07.23 20:14:42 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.16 15:42:00 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.14 21:17:32 | 000,000,877 | ---- | C] () -- C:\Users\Standard\Desktop\ZoneAlarm Security.lnk [2010.08.14 21:17:31 | 000,005,977 | ---- | C] () -- C:\Windows\System32\vsconfig.xml [2010.08.14 21:15:56 | 000,421,442 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.08.14 21:13:52 | 048,045,056 | ---- | C] () -- C:\Users\Standard\Desktop\zaSetup_92_058_000_de.exe [2010.08.12 21:22:08 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.08.12 21:22:08 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.08.12 19:40:37 | 001,037,617 | ---- | C] () -- C:\Users\Standard\Desktop\MafiaII.exe [2010.08.12 04:47:37 | 000,423,073 | ---- | C] () -- C:\Users\Standard\Desktop\mafia2.time.freez.rar [2010.08.10 22:27:48 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2010.08.10 22:26:53 | 001,598,976 | ---- | C] () -- C:\Users\Standard\Desktop\SteamInstall.msi [2010.08.09 20:26:56 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.08.09 20:26:56 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk [2010.08.09 20:25:43 | 000,260,400 | ---- | C] () -- C:\Users\Standard\Desktop\SoftonicDownloader80984.exe [2010.08.03 04:42:47 | 000,000,218 | ---- | C] () -- C:\Users\Standard\.recently-used.xbel [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.10.19 18:03:40 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.10.19 18:03:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.09.17 02:02:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.04.07 21:06:26 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.03.18 18:42:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll [2009.03.17 17:31:23 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2008.07.26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2007.10.18 13:56:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007.10.18 13:56:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.10.18 13:46:46 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll [2007.10.12 01:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 72 bytes -> C:\Windows:4F9666BB02E53299 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6CC69D3C @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:18AE7C5A < End of report > Dazu muss ich noch sagen das ich vorhin bei MAM auf Quarantäne und delete gegangen bin. Ist das nun in quarantäne und gelöscht? Soll ich den ganzen system32 ordner in euer forum schicken weil ich finde das hier nicht mehr C:\Windows\System32\lowsec <----- sondern nur C:\Windows\System32\ <-- das ? Geändert von Farthecry (16.08.2010 um 18:34 Uhr) Grund: was muss ich nun tun? |
|
16.08.2010, 22:35
| #8 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? Hi, das war fast gut. Du hättet die Quarantäne nicht löschen sollen, da wir die Files noch gebraucht hätten (zur Untersuchung).... Nunja, habe ich mich wohl nicht klar genug ausgedrückt... Auf dem Rechner war aber schon mal einiges los, oder? Lass mal die folgenden Files untersuchen, wenn Du sie findest... Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter
C:\Windows\System32\DRIVERS\ipinip.sys
C:\Windows\System32\drivers\blbdrive.sys
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1}] C:\Users\Standard\AppData\Roaming\Ivga\efik.exe File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
[2010.05.17 14:32:00 | 000,002,253 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\askcom.xml
:Commands
[emptytemp]
[Reboot]
Superantispyware: Anleitung&Download hier: http://www.trojaner-board.de/51871-a...tispyware.html chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
17.08.2010, 02:33
| #9 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? hi chris4you. Habe die zwei dateien nicht gefunden, sind nicht mehr in diesem verzeichniss ich vermute MAM hat sie in quarantäne geschoben oder gelöscht? Jedenfalls habe ich nun den code mit OTL gemacht und hier der log, nach dem fix hat mein pc sich neugestartet. Code:
ATTFilter All processes killed
Error: Unable to interpret <Code:Alles auswählenLarusso Modus > in the current context!
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: toolbar@ask.com:3.6.6.117 removed from extensions.enabledItems
C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\askcom.xml moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
User: Gast
->Temp folder emptied: 5320370 bytes
->Temporary Internet Files folder emptied: 5391768 bytes
->Java cache emptied: 162323 bytes
->Flash cache emptied: 627 bytes
User: Public
User: Standard
->Temp folder emptied: 18759104 bytes
->Temporary Internet Files folder emptied: 61081989 bytes
->Java cache emptied: 31828961 bytes
->FireFox cache emptied: 40333342 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 124801 bytes
->Flash cache emptied: 4257 bytes
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3104386 bytes
RecycleBin emptied: 5308 bytes
Total Files Cleaned = 159,00 mb
OTL by OldTimer - Version 3.2.9.1 log created on 08172010_005354
Files\Folders moved on Reboot...
C:\Users\Standard\AppData\Local\Temp\~DF6C6B.tmp moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5ZTXB1L\01[1].htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5ZTXB1L\df949936-2850-4e26-af65-c14d91c5c48b[1].htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7ZMACK5\adsCAJIBH6G.htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7ZMACK5\adsCAQXHDR3.htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7ZMACK5\de_msn_com[1].htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E8ES44KZ\adsCAYAW9HN.htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BFLXWSC0\89508-habe-von-der-telekom-ein-brief-bekommen-sind-trojaner-auf-mein-pc[1].html moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BFLXWSC0\blank[1].htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT07fd1.TMP not found!
Registry entries deleted on Reboot...
|
|
17.08.2010, 05:50
| #10 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc?
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
18.08.2010, 00:59
| #11 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? hi Chris4you, habe nun zwei mal den kompletten scan ausgeführt mit SUPERAntiSpyware und er hat beim ersten 22.Adware infektionen gefunden und ein troj.win32. Und dann beim zweiten hat er nochmal 15Gefunden. Und dann hab ich schnell scan nochmal gemacht, und er hat 1 Adware gefunden. Soll ich nun noch etwas machen? |
|
18.08.2010, 17:32
| #12 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? Hi, poste das Log von Superantspyware und ein neues OTL-Log.... Da waren jede Menge Spuren von alten Infektionen... Customscan mit OTL: * Starte bitte die OTL.exe. Vista/Win7-User mit Rechtsklick "als Administrator starten" * Kopiere nun den Inhalt in die Textbox. Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
* Klicke nun bitte auf den Quick Scan Button. * Klick auf OK . * Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken). Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
18.08.2010, 20:40
| #13 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? Hö   ich kann den OTL log nicht hier rein posten da kommt immer diese fehlermeldung hier: Fatal error: Maximum execution time of 30 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838 was soll das heißen??? ich mach nun GMER ok |
|
18.08.2010, 21:34
| #14 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? Ok hab nun GMER gemacht, aber da kam kein Log? Chris4you hast du noch ein tipp was ich machen kann? Denkst du das mein Pc virenfrei irgendwann wird?? du hattest ja gesagt das auf mein pc viel los ist oder war. Ich hab den verdacht das auf mein Pc noch viren sind  wir müssen die viren verbrennen   Mfg far the cry |
|
20.08.2010, 00:17
| #15 |
| | habe von der telekom ein brief bekommen, sind trojaner auf mein pc? hi schicke hier die SUPERAntiSpyware scan log. Einmal vom 18.08 und dann nochmal vom 19.08 Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/18/2010 at 09:02 AM
Application Version : 4.41.1000
Core Rules Database Version : 5370
Trace Rules Database Version: 3182
Scan type : Complete Scan
Total Scan Time : 01:35:00
Memory items scanned : 602
Memory threats detected : 0
Registry items scanned : 9260
Registry threats detected : 0
File items scanned : 153509
File threats detected : 16
Adware.Tracking Cookie
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad.yieldmanager[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adfarm1.adition[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@webmasterplan[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@tradedoubler[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad.zanox[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@msnportal.112.2o7[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@content.yieldmanager[3].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@zanox-affiliate[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adtech[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@content.yieldmanager[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@atdmt[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@eas.apm.emediate[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@zanox[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@mediaplex[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adxpose[1].txt
imagesrv.adition.com [ C:\Users\Standard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\D4W7NWXK ]
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/19/2010 at 05:19 AM
Application Version : 4.41.1000
Core Rules Database Version : 5370
Trace Rules Database Version: 3182
Scan type : Complete Scan
Total Scan Time : 00:09:39
Memory items scanned : 565
Memory threats detected : 0
Registry items scanned : 9260
Registry threats detected : 0
File items scanned : 6109
File threats detected : 28
Adware.Tracking Cookie
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad.yieldmanager[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@rts.pgmediaserve[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@partypoker[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adfarm1.adition[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@webmasterplan[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@tradedoubler[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ads.whaleads[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adultfriendfinder[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad.zanox[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@msnportal.112.2o7[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@content.yieldmanager[3].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad.ad-srv[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@zanox-affiliate[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adxpansion[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adtech[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@alphaporno[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@content.yieldmanager[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad3.adfarm1.adition[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@atdmt[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adserver.hardsextube[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@eas.apm.emediate[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@zanox[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@www.zanox-affiliate[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@hardsextube[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@www.alphaporno[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adweb2.hornymatches[2].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@atwola[1].txt
C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@tracking.mlsat02[1].txt
|
|
| Themen zu habe von der telekom ein brief bekommen, sind trojaner auf mein pc? |
| antivir, antivir guard, ask toolbar, ask.com, avg, avira, bho, brief, checkpoint, desktop, email, frage, highjackthis, hijack, hijackthis, internet, internet explorer, limewire, logfile, magix, monitor, performance, plug-in, safer networking, security, security scan, server, software, system, systweak, trojaner, vista, werbung, windows |
Linear-Darstellung
