Pests of all kinds and how to fight them: Java/Agent, + various Tr/... Windows 7. If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Java/Agent, + various Tr/...

Hello once again, or rather "still" good morning. Here is the logfile from CF:

Code:
ComboFix 10-09-21.01 - Admin 22.09.2010 9:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.502.242 [GMT 2:00]
Run from:: c:\dokumente und einstellungen\Admin\Desktop\cofi.exe.exe
Command switches used :: c:\dokumente und einstellungen\Admin\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\dokume~1\Admin\LOKALE~1\Temp\krdpdre.sys"
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_KRDPDRE
-------\Service_krdpdre
((((((((((((((((((((((( Files created from 2010-08-22 to 2010-09-22 ))))))))))))))))))))))))))))))
.
2010-09-21 20:39 . 2010-09-21 20:39 -------- d-----w- c:\programme\Characterizer
2010-09-21 20:02 . 2008-09-11 19:01 59904 ----a-w- c:\windows\system32\unpdf.exe
2010-09-21 20:02 . 2008-06-16 11:11 81920 ----a-w- c:\windows\system32\emfxp.dll
2010-09-21 20:02 . 2010-09-21 20:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TalkAndWrite
2010-09-21 20:02 . 2010-09-21 20:02 -------- d-----w- c:\programme\TalkAndWrite
2010-09-21 12:32 . 2010-09-21 12:32 -------- d-----w- c:\programme\CCleaner
2010-09-20 14:49 . 2010-09-20 14:49 -------- d-----w- C:\_OTL
2010-09-19 07:50 . 2010-09-19 07:50 -------- d-----w- c:\programme\PokerTH-0.8-beta3
2010-09-18 16:31 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-18 16:31 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-18 16:30 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-18 16:28 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-09-18 16:25 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-18 13:59 . 2010-09-18 13:59 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Malwarebytes
2010-09-18 13:59 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-18 13:59 . 2010-09-18 13:59 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-18 13:59 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 13:59 . 2010-09-18 13:59 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-09-17 15:32 . 2010-09-17 15:36 -------- d-----w- c:\programme\Csdf4.3
2010-09-15 04:27 . 2010-09-15 04:27 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Engelmann Media
2010-09-15 04:26 . 2010-09-15 04:26 -------- d-----w- c:\programme\S.A.D
2010-09-15 04:11 . 2010-09-15 04:19 36675 ----a-w- c:\windows\DIIUnin.dat
2010-09-15 04:11 . 2010-09-15 04:11 2829 ----a-w- c:\windows\DIIUnin.pif
2010-09-15 04:11 . 2010-09-15 04:11 102400 ----a-w- c:\windows\DIIUnin.exe
2010-09-15 04:04 . 2010-09-15 04:04 -------- d-----w- c:\programme\D2
2010-09-13 20:15 . 2010-09-13 20:15 -------- d-----w- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\TechSmith
2010-09-13 20:13 . 2010-03-04 15:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-09-13 20:13 . 2010-09-13 20:13 -------- d-----w- c:\windows\system32\QuickTime
2010-09-13 20:12 . 2010-09-13 20:12 -------- d-----w- c:\programme\Gemeinsame Dateien\TechSmith Shared
2010-09-13 20:11 . 2010-09-13 20:12 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TechSmith
2010-09-13 20:11 . 2010-09-13 20:11 -------- d-----w- c:\programme\TechSmith
2010-09-13 20:03 . 2010-09-13 20:03 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Media Player Classic
2010-09-13 20:01 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-09-13 17:09 . 2008-04-14 05:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-09-13 17:09 . 2008-04-14 05:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-09-13 17:08 . 2006-06-27 06:56 31872 ----a-w- c:\windows\system32\drivers\superwebcam.sys
2010-09-12 15:02 . 2010-09-12 15:13 -------- d-----w- c:\programme\CamStudio
2010-09-12 14:27 . 2010-09-12 14:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WebcamMax
2010-09-12 14:27 . 2010-09-12 14:27 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\WebcamMax
2010-09-12 14:17 . 2010-09-12 14:17 -------- d-----w- c:\programme\WebcamMax
2010-09-12 10:20 . 2010-09-12 10:23 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\GetRightToGo
2010-09-12 10:09 . 2010-09-12 10:09 -------- d-----w- c:\programme\MSN Webcam Recorder
2010-09-08 19:07 . 2010-09-08 19:07 -------- d-----w- c:\programme\WinPcap
2010-09-08 19:07 . 2010-09-08 19:15 -------- d-----w- c:\programme\Cain
2010-09-08 17:55 . 2010-09-08 17:57 -------- d-----w- c:\dokumente und einstellungen\Xander\Anwendungsdaten\Passware
2010-08-31 01:07 . 2010-08-31 01:07 -------- d-----w- c:\dokumente und einstellungen\Xander\Anwendungsdaten\Image Zone Express
2010-08-26 17:40 . 2010-09-05 01:57 -------- d-----w- c:\dokumente und einstellungen\Gastkonto\Lokale Einstellungen\Anwendungsdaten\Adobe
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 07:35 . 2009-11-09 23:28 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\vlc
2010-09-22 06:04 . 2010-01-05 22:11 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\skypePM
2010-09-21 22:18 . 2010-01-05 22:10 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Skype
2010-09-21 20:02 . 2010-09-21 20:02 465 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\dropall.bat
2010-09-21 20:02 . 2010-09-21 20:02 184 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\uninst.bat
2010-09-21 20:01 . 2010-09-21 20:01 397824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TAWLauncher.exe
2010-09-21 20:01 . 2010-09-21 20:01 3930796 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite_setup.exe
2010-09-21 19:53 . 2010-06-11 22:44 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Nettalk
2010-09-20 09:15 . 2010-06-27 17:03 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-19 08:32 . 2010-07-08 08:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-09-18 18:07 . 2009-10-27 16:40 101232 ----a-w- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-09-18 17:51 . 2009-11-03 13:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-09-18 17:43 . 2004-08-04 12:00 85170 ----a-w- c:\windows\system32\perfc007.dat
2010-09-18 17:43 . 2004-08-04 12:00 461726 ----a-w- c:\windows\system32\perfh007.dat
2010-09-18 17:23 . 2009-11-03 13:47 -------- d-----w- c:\programme\Microsoft Works
2010-09-15 04:47 . 2010-03-27 04:30 -------- d-----w- c:\programme\HEditor
2010-09-15 04:47 . 2010-03-27 04:30 249856 ------w- c:\windows\Setup1.exe
2010-09-15 04:47 . 2010-03-27 04:30 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-09-15 03:33 . 2009-10-27 21:17 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\sadGAME
2010-09-11 12:44 . 2000-09-26 19:12 1722 ----a-w- c:\programme\RDMS.INI
2010-09-09 21:56 . 2010-07-30 22:44 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-09-09 21:55 . 2009-11-09 20:27 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-08-22 20:45 . 2010-08-22 20:42 -------- d-----w- c:\programme\mbrola
2010-08-22 20:28 . 2010-08-22 20:28 -------- d-----w- c:\programme\eSpeak
2010-08-22 20:08 . 2010-08-22 20:08 -------- d-----w- c:\programme\Acapela Group
2010-08-22 20:08 . 2009-10-27 18:01 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-08-22 20:07 . 2010-08-22 20:07 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\InstallShield
2010-08-22 11:43 . 2010-08-22 11:43 -------- d-----w- c:\programme\ScanSoft
2010-08-22 11:34 . 2010-08-22 11:34 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Hunspell
2010-08-22 11:34 . 2010-08-22 11:34 -------- d-----w- c:\programme\Balabolka
2010-08-22 11:34 . 2010-08-22 11:34 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Balabolka
2010-08-22 11:30 . 2010-08-22 11:25 -------- d-----w- c:\programme\Gemeinsame Dateien\Logox.4.0
2010-08-22 11:25 . 2010-08-22 11:25 -------- d-----w- c:\programme\Gemeinsame Dateien\WebSpeech.4.0
2010-08-22 11:25 . 2010-08-22 11:25 159744 ----a-w- c:\windows\LgxSetup.exe
2010-08-21 22:10 . 2010-08-21 22:10 -------- d-----w- c:\programme\BlablaMaker
2010-08-21 22:04 . 2010-08-21 22:00 -------- d-----w- c:\programme\Microsoft Agent
2010-08-21 20:57 . 2010-08-21 20:57 -------- d-----w- c:\programme\Gemeinsame Dateien\L&H
2010-08-21 20:56 . 2010-08-21 20:55 -------- d-----w- c:\programme\Microsoft Reader
2010-08-20 19:22 . 2010-08-20 19:22 61440 ----a-w- c:\dokumente und einstellungen\Gastkonto\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-229f1b99-n\decora-sse.dll
2010-08-20 19:22 . 2010-08-20 19:22 503808 ----a-w- c:\dokumente und einstellungen\Gastkonto\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45290bf7-n\msvcp71.dll
2010-08-20 19:22 . 2010-08-20 19:22 499712 ----a-w- c:\dokumente und einstellungen\Gastkonto\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45290bf7-n\jmc.dll
2010-08-20 19:22 . 2010-08-20 19:22 348160 ----a-w- c:\dokumente und einstellungen\Gastkonto\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45290bf7-n\msvcr71.dll
2010-08-20 19:22 . 2010-08-20 19:22 12800 ----a-w- c:\dokumente und einstellungen\Gastkonto\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-229f1b99-n\decora-d3d.dll
2010-08-18 18:57 . 2010-08-18 18:56 -------- d-----w- c:\programme\PokerTH-0.8-beta2
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 06:43 . 2010-08-09 21:52 -------- d-----w- c:\programme\AutoShutdownManager
2010-08-06 02:00 . 2010-08-06 02:00 503808 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11e8810c-n\msvcp71.dll
2010-08-06 02:00 . 2010-08-06 02:00 61440 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a6ea140-n\decora-sse.dll
2010-08-06 02:00 . 2010-08-06 02:00 499712 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11e8810c-n\jmc.dll
2010-08-06 02:00 . 2010-08-06 02:00 348160 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11e8810c-n\msvcr71.dll
2010-08-06 02:00 . 2010-08-06 02:00 12800 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a6ea140-n\decora-d3d.dll
2010-08-03 16:56 . 2010-08-03 16:56 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2010-07-27 01:35 . 2010-07-27 01:35 -------- d-----w- c:\programme\PokerTH-0.8-beta1
2010-07-22 15:48 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-20 13:33 . 2010-07-20 13:33 503808 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1483a6e2-n\msvcp71.dll
2010-07-20 13:33 . 2010-07-20 13:33 499712 ----a-w- c:\dokumente und einstellungen\Adminr\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1483a6e2-n\jmc.dll
2010-07-20 13:33 . 2010-07-20 13:33 348160 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1483a6e2-n\msvcr71.dll
2010-07-20 13:33 . 2010-07-20 13:33 61440 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-391499c7-n\decora-sse.dll
2010-07-20 13:33 . 2010-07-20 13:33 12800 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-391499c7-n\decora-d3d.dll
2010-06-30 12:28 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-09-29 18:47 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-04 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-05-30 11:36 . 2010-05-27 19:43 1137336 ----a-w- c:\programme\SAVE5289.SAV
2010-05-30 11:28 . 2010-05-26 19:02 1124630 ----a-w- c:\programme\autosave.sav
2010-05-30 11:11 . 2010-05-20 21:30 1128565 ----a-w- c:\programme\SAVE0043.SAV
2010-05-26 16:09 . 2010-05-20 21:17 58330 ----a-w- c:\programme\RandMap.img
2010-05-26 16:09 . 2010-05-20 21:17 304 ----a-w- c:\programme\RandMap.Sed
2010-05-26 16:09 . 2010-05-26 16:09 304 ----a-w- c:\programme\SAVE18BE.SED
2010-05-22 10:43 . 2010-05-20 21:17 284 ----a-w- c:\programme\SAVE0029.SED
2010-05-22 07:47 . 2010-05-22 07:35 1738485 ----a-w- c:\programme\SAVE4957.SAV
2010-05-22 07:12 . 2010-05-22 07:12 284 ----a-w- c:\programme\SAVE4823.SED
2010-05-20 21:13 . 2010-05-20 21:13 1553 ----a-w- c:\programme\Keyboard.ini
2010-05-20 20:47 . 2010-05-20 20:47 50 ----a-w- c:\programme\CC.dat
2010-05-20 20:47 . 2010-05-20 20:47 3838 ----a-w- c:\programme\UNINST.WSU
2010-05-20 20:47 . 2010-05-20 20:47 128 ----a-w- c:\programme\Wkey.key
2010-05-20 20:46 . 2010-05-20 20:42 281074192 ----a-w- c:\programme\rdms.mix
2010-05-20 20:42 . 2010-05-20 20:41 53105368 ----a-w- c:\programme\language.mix
2000-11-05 17:08 . 2010-05-29 17:20 11264 ----a-w- c:\programme\cm-rdmstr.exe
2000-10-25 03:11 . 2000-10-25 03:11 129024 ----a-w- c:\programme\Rdms.exe
2000-10-01 23:31 . 2000-10-01 23:31 308276 ----a-w- c:\programme\00000409.256
2000-10-01 23:31 . 2000-10-01 23:31 307320 ----a-w- c:\programme\00000409.016
2000-10-01 23:31 . 2000-10-01 23:31 18768 ----a-w- c:\programme\SECDRV.SYS
2000-10-01 21:40 . 2000-10-01 21:40 4387088 ----a-w- c:\programme\GAME.EXE
2000-09-29 15:37 . 2000-09-29 15:37 27136 ----a-w- c:\programme\README.DOC
2000-09-29 15:34 . 2000-09-29 15:34 14171 ----a-w- c:\programme\README.TXT
2000-09-28 17:02 . 2000-09-28 17:02 73728 ----a-w- c:\programme\MPH.EXE
2000-09-26 20:37 . 2000-09-26 20:37 139264 ----a-w- c:\programme\Uninst.exe
2000-09-19 18:23 . 2000-09-19 18:23 4710 ----a-w- c:\programme\Rdms.ICO
2000-08-30 20:49 . 2000-08-30 20:49 53248 ----a-w- c:\programme\UNINSTLL.EXE
2000-08-24 21:00 . 2000-08-24 21:00 90112 ----a-w- c:\programme\PATCHGET.DAT
2000-07-27 19:22 . 2000-07-27 19:22 286208 ----a-w- c:\programme\Insoft.DLL
2000-07-17 13:45 . 2000-07-17 13:45 165 ----a-w- c:\programme\Rdms.lcf
2000-07-17 13:45 . 2000-07-17 13:45 39604 ----a-w- c:\programme\LAUNCHER.BMP
2000-07-17 13:45 . 2000-07-17 13:45 171520 ----a-w- c:\programme\PATCHW32.DLL
2000-06-27 22:00 . 2000-06-27 22:00 766 ----a-w- c:\programme\NOTES.ICO
2000-03-10 17:20 . 2000-03-10 17:20 2348 ----a-w- c:\programme\InsoftR.tlb
2000-03-10 17:20 . 2000-03-10 17:20 30896 ----a-w- c:\programme\Rdms.tlb
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\DIIUnin.dat ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 36675
Created time: 2010-09-15 04:11
Modified time: 2010-09-15 04:19
MD5: 9C438B7A1C0844477CA876F9646620DD
SHA1: DAE0ACAC3A2C08EE5CAC0BA4F6A0A11D97B424BE
--- c:\windows\DIIUnin.exe ---
Company: GameProjectX © 2005-2010
File Description: DIIUnin -Deinstallationsprogramm
File Version: 1, 0, 0, 5
Product Name: DIIUnin -Deinstallationsprogramm
Copyright: Copyright © 1995-2010
Original Filename: DII Unin.exe
File size: 102400
Created time: 2010-09-15 04:11
Modified time: 2010-09-15 04:11
MD5: 9033A5D45A5C81FA3605E4C5057F4DF5
SHA1: A5D25D1AB4F32426084095473F73D2D67F5DFBED
--- c:\windows\DIIUnin.pif ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 2829
Created time: 2010-09-15 04:11
Modified time: 2010-09-15 04:11
MD5: B67B23A2B0DAB45B6232658219DA7A1B
SHA1: B0FBD63169966A0BE2461FF67D5FCA5BD098B42F
--- c:\windows\system32\dllcache\moviemk.exe ---
Company: Microsoft Corporation
File Description: Windows Movie Maker
File Version: 2, 1, 4028, 0
Product Name: Windows Movie Maker
Copyright: Copyright (C) Microsoft Corp, 2004
Original Filename: MOVIEMK2.EXE
File size: 3558912
Created time: 2010-09-18 16:25
Modified time: 2010-06-18 13:36
MD5: B66621D7360044D3645C0AC059CF60B2
SHA1: D8CDC06D4361A912E2ADBC56B2715258EFBB3EFE
--- c:\windows\system32\dllcache\vfwwdm32.dll ---
Company: Microsoft Corporation
File Description: VfW MM-Treiber für WDM-Videoaufnahmegeräte
File Version: 5.1.2600.5512 (xpsp.080413-0845)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: VfWWDM32.DLL
File size: 54272
Created time: 2010-09-13 17:09
Modified time: 2008-04-14 05:52
MD5: 5B8DD211BBEA1410CE4D7B57BD6BB872
SHA1: CFF472AE5DA838FEEEFF7E03AA212CF5D7216934
--- c:\windows\system32\vfwwdm32.dll ---
Company: Microsoft Corporation
File Description: VfW MM-Treiber für WDM-Videoaufnahmegeräte
File Version: 5.1.2600.5512 (xpsp.080413-0845)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: VfWWDM32.DLL
File size: 54272
Created time: 2010-09-13 17:09
Modified time: 2008-04-14 05:52
MD5: 5B8DD211BBEA1410CE4D7B57BD6BB872
SHA1: CFF472AE5DA838FEEEFF7E03AA212CF5D7216934
---- Directory of C:\Ftr ----
---- Directory of C:\Infovox2.lic ----
2010-08-22 20:08 . 2010-08-22 20:08 510 ----a-w- c:\infovox2.lic\demo512-4.lic
2010-08-22 20:08 . 2010-08-22 20:08 510 ----a-w- c:\infovox2.lic\demo512-1.lic
2010-08-22 20:08 . 2010-08-22 20:08 36 --sha-w- c:\infovox2.lic\agmm2.db.512
2010-08-22 20:08 . 2010-08-22 20:08 6464 --sha-w- c:\infovox2.lic\agmm1.db.512
2010-08-22 20:08 . 2010-08-22 20:08 1745 ----a-w- c:\infovox2.lic\license.prl
---- Directory of c:\programme\CCS ----
---- Directory of c:\programme\D2 ----
2010-09-19 08:31 . 2010-09-19 08:32 2532 ----a-w- c:\programme\D2\DII II\D2100919.txt
2010-09-15 22:09 . 2010-09-19 09:15 35928 ----a-w- c:\programme\D2\DII II\save\Stealth.ma0
2010-09-15 22:09 . 2010-09-15 22:09 24 ----a-w- c:\programme\D2\DII II\save\Stealth.map
2010-09-15 22:09 . 2010-09-15 22:09 1142 ----a-w- c:\programme\D2\DII II\save\Stealth.key
2010-09-15 22:09 . 2010-09-19 09:16 1527 ----a-w- c:\programme\D2\DII II\save\Stealth.d2s
2010-09-15 22:09 . 2010-09-15 22:10 980 ----a-w- c:\programme\D2\DII II\save\Stealth160011.bak
2010-09-15 22:09 . 2010-09-15 22:11 985 ----a-w- c:\programme\D2\DII II\save\Stealth160012.bak
2010-09-15 22:09 . 2010-09-15 22:12 985 ----a-w- c:\programme\D2\DII II\save\Stealth160014.bak
2010-09-15 22:09 . 2010-09-15 22:14 985 ----a-w- c:\programme\D2\DII II\save\Stealth160017.bak
2010-09-15 22:09 . 2010-09-15 22:17 1021 ----a-w- c:\programme\D2\DII II\save\Stealth160021.bak
2010-09-15 22:09 . 2010-09-15 22:21 1074 ----a-w- c:\programme\D2\DII II\save\Stealth160024.bak
2010-09-15 22:09 . 2010-09-15 22:24 1165 ----a-w- c:\programme\D2\DII II\save\Stealth160031.bak
2010-09-15 22:09 . 2010-09-15 22:31 1320 ----a-w- c:\programme\D2\DII II\save\Stealth160034.bak
2010-09-15 22:09 . 2010-09-15 22:34 1372 ----a-w- c:\programme\D2\DII II\save\Stealth160036.bak
2010-09-15 22:09 . 2010-09-15 22:36 1419 ----a-w- c:\programme\D2\DII II\save\Stealth160038.bak
2010-09-15 22:09 . 2010-09-15 22:38 1471 ----a-w- c:\programme\D2\DII II\save\Stealth160040.bak
2010-09-15 22:09 . 2010-09-15 22:40 1502 ----a-w- c:\programme\D2\DII II\save\Stealth160041.bak
2010-09-15 22:09 . 2010-09-15 22:43 1593 ----a-w- c:\programme\D2\DII II\save\Stealth160043.bak
2010-09-15 22:09 . 2010-09-15 22:43 1616 ----a-w- c:\programme\D2\DII II\save\Stealth160044.bak
2010-09-15 22:09 . 2010-09-15 23:03 1548 ----a-w- c:\programme\D2\DII II\save\Stealth191030.bak
2010-09-15 07:04 . 2010-09-15 23:05 35148 ----a-w- c:\programme\D2\DII II\save\Elizz.ma1
2010-09-15 04:36 . 2010-09-15 06:37 19598 ----a-w- c:\programme\D2\DII II\save\Elizz.ma0
2010-09-15 04:36 . 2010-09-15 07:04 24 ----a-w- c:\programme\D2\DII II\save\Elizz.map
2010-09-15 04:36 . 2010-09-15 22:09 1146 ----a-w- c:\programme\D2\DII II\default.key
2010-09-15 04:36 . 2010-09-15 04:36 1142 ----a-w- c:\programme\D2\DII II\save\Elizz.key
2010-09-15 04:36 . 2010-09-15 23:05 1644 ----a-w- c:\programme\D2\DII II\save\Elizz.d2s
2010-09-15 04:36 . 2010-09-15 04:46 958 ----a-w- c:\programme\D2\DII II\save\Elizz150650.bak
2010-09-15 04:36 . 2010-09-15 04:50 963 ----a-w- c:\programme\D2\DII II\save\Elizz150654.bak
2010-09-15 04:36 . 2010-09-15 04:58 999 ----a-w- c:\programme\D2\DII II\save\Elizz150659.bak
2010-09-15 04:36 . 2010-09-15 04:59 999 ----a-w- c:\programme\D2\DII II\save\Elizz150708.bak
2010-09-15 04:36 . 2010-09-15 05:08 1077 ----a-w- c:\programme\D2\DII II\save\Elizz150711.bak
2010-09-15 04:36 . 2010-09-15 05:31 1242 ----a-w- c:\programme\D2\DII II\save\Elizz150755.bak
2010-09-15 04:36 . 2010-09-15 05:55 1308 ----a-w- c:\programme\D2\DII II\save\Elizz150757.bak
2010-09-15 04:36 . 2010-09-15 05:57 1308 ----a-w- c:\programme\D2\DII II\save\Elizz150800.bak
2010-09-15 04:36 . 2010-09-15 06:00 1338 ----a-w- c:\programme\D2\DII II\save\Elizz150802.bak
2010-09-15 04:36 . 2010-09-15 06:04 1336 ----a-w- c:\programme\D2\DII II\save\Elizz150804.bak
2010-09-15 04:36 . 2010-09-15 06:04 1336 ----a-w- c:\programme\D2\DII II\save\Elizz150814.bak
2010-09-15 04:36 . 2010-09-15 06:39 1371 ----a-w- c:\programme\D2\DII II\save\Elizz150839.bak
2010-09-15 04:36 . 2010-09-15 06:39 1371 ----a-w- c:\programme\D2\DII II\save\Elizz150844.bak
2010-09-15 04:36 . 2010-09-15 06:46 1371 ----a-w- c:\programme\D2\DII II\save\Elizz150846.bak
2010-09-15 04:36 . 2010-09-15 06:46 1371 ----a-w- c:\programme\D2\DII II\save\Elizz150857.bak
2010-09-15 04:36 . 2010-09-15 06:57 1442 ----a-w- c:\programme\D2\DII II\save\Elizz150900.bak
2010-09-15 04:36 . 2010-09-15 07:02 1483 ----a-w- c:\programme\D2\DII II\save\Elizz150902.bak
2010-09-15 04:36 . 2010-09-15 07:02 1483 ----a-w- c:\programme\D2\DII II\save\Elizz150903.bak
2010-09-15 04:36 . 2010-09-15 07:06 1483 ----a-w- c:\programme\D2\DII II\save\Elizz150906.bak
2010-09-15 04:36 . 2010-09-15 07:07 1483 ----a-w- c:\programme\D2\DII II\save\Elizz150907.bak
2010-09-15 04:36 . 2010-09-15 07:08 1483 ----a-w- c:\programme\D2\DII II\save\Elizz150910.bak
2010-09-15 04:36 . 2010-09-15 07:18 1480 ----a-w- c:\programme\D2\DII II\save\Elizz150918.bak
2010-09-15 04:36 . 2010-09-15 07:18 1480 ----a-w- c:\programme\D2\DII II\save\Elizz150923.bak
2010-09-15 04:36 . 2010-09-15 07:26 1498 ----a-w- c:\programme\D2\DII II\save\Elizz150926.bak
2010-09-15 04:36 . 2010-09-15 07:26 1498 ----a-w- c:\programme\D2\DII II\save\Elizz150928.bak
2010-09-15 04:36 . 2010-09-15 07:28 1498 ----a-w- c:\programme\D2\DII II\save\Elizz150929.bak
2010-09-15 04:36 . 2010-09-15 07:35 1484 ----a-w- c:\programme\D2\DII II\save\Elizz151301.bak
2010-09-15 04:36 . 2010-09-15 11:01 1484 ----a-w- c:\programme\D2\DII II\save\Elizz151303.bak
2010-09-15 04:36 . 2010-09-15 11:03 1484 ----a-w- c:\programme\D2\DII II\save\Elizz151312.bak
2010-09-15 04:36 . 2010-09-15 11:12 1508 ----a-w- c:\programme\D2\DII II\save\Elizz151315.bak
2010-09-15 04:36 . 2010-09-15 11:15 1557 ----a-w- c:\programme\D2\DII II\save\Elizz151316.bak
2010-09-15 04:36 . 2010-09-15 12:24 1834 ----a-w- c:\programme\D2\DII II\save\Elizz151425.bak
2010-09-15 04:36 . 2010-09-15 12:25 1818 ----a-w- c:\programme\D2\DII II\save\Elizz152251.bak
2010-09-15 04:36 . 2010-09-15 20:51 1620 ----a-w- c:\programme\D2\DII II\save\Elizz152300.bak
2010-09-15 04:36 . 2010-09-15 21:00 1734 ----a-w- c:\programme\D2\DII II\save\Elizz152308.bak
2010-09-15 04:36 . 2010-09-15 21:08 1752 ----a-w- c:\programme\D2\DII II\save\Elizz152314.bak
2010-09-15 04:36 . 2010-09-15 21:15 1752 ----a-w- c:\programme\D2\DII II\save\Elizz152315.bak
2010-09-15 04:36 . 2010-09-15 21:37 1744 ----a-w- c:\programme\D2\DII II\save\Elizz152337.bak
2010-09-15 04:36 . 2010-09-15 22:07 1644 ----a-w- c:\programme\D2\DII II\save\Elizz160008.bak
2010-09-15 04:36 . 2010-09-15 22:08 1644 ----a-w- c:\programme\D2\DII II\save\Elizz160104.bak
2010-09-15 04:34 . 2010-09-19 09:17 192 ----a-w- c:\programme\D2\DII II\DSnetLog.txt
2010-09-15 04:19 . 2010-09-15 04:23 286 ----a-w- c:\programme\D2\DII II\DSupdate.log
2010-09-15 04:19 . 2010-09-15 04:19 2104101 ----a-w- c:\programme\D2\DII II\Patch_D2.mpq
2010-09-15 04:19 . 2010-09-15 04:23 80457 ----a-w- c:\programme\D2\DII II\Patch.txt
2010-09-15 04:19 . 2010-09-15 04:23 237568 ----a-w- c:\programme\D2\DII II\BNUpdate.exe
2010-09-15 04:18 . 2010-09-15 04:18 74 ----a-w- c:\programme\D2\DII II\Install.log
2010-09-15 04:18 . 2010-09-15 04:18 4639 ----a-w- c:\programme\D2\DII II\support\images\char\War2Bne.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3681 ----a-w- c:\programme\D2\DII II\support\images\char\SysOp.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3377 ----a-w- c:\programme\D2\DII II\support\images\char\Speaker.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3843 ----a-w- c:\programme\D2\DII II\support\images\char\SC.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3592 ----a-w- c:\programme\D2\DII II\support\images\char\Referee.jpg
2010-09-15 04:18 . 2010-09-15 04:18 4293 ----a-w- c:\programme\D2\DII II\support\images\char\mod.jpg
2010-09-15 04:18 . 2010-09-15 04:18 4027 ----a-w- c:\programme\D2\DII II\support\images\char\Medic.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3203 ----a-w- c:\programme\D2\DII II\support\images\char\GHood.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3587 ----a-w- c:\programme\D2\DII II\support\images\char\DS.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3380 ----a-w- c:\programme\D2\DII II\support\images\char\Chat.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3683 ----a-w- c:\programme\D2\DII II\support\images\char\BlizRep.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3161 ----a-w- c:\programme\D2\DII II\support\images\char\BHood.jpg
2010-09-15 04:18 . 2010-09-15 04:18 2989 ----a-w- c:\programme\D2\DII II\support\images\readme.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3133 ----a-w- c:\programme\D2\DII II\support\images\proxy.jpg
2010-09-15 04:18 . 2010-09-15 04:18 2827 ----a-w- c:\programme\D2\DII II\support\images\lat.jpg
2010-09-15 04:18 . 2010-09-15 04:18 4362 ----a-w- c:\programme\D2\DII II\support\images\d2.jpg
2010-09-15 04:18 . 2010-09-15 04:18 7456 ----a-w- c:\programme\D2\DII II\support\images\common.jpg
2010-09-15 04:18 . 2010-09-15 04:18 2675 ----a-w- c:\programme\D2\DII II\support\images\cd.jpg
2010-09-15 04:18 . 2010-09-15 04:18 3894 ----a-w- c:\programme\D2\DII II\support\images\dsnet.jpg
2010-09-15 04:18 . 2010-09-15 04:18 1999 ----a-w- c:\programme\D2\DII II\support\d2\sprite.htm
2010-09-15 04:18 . 2010-09-15 04:18 1955 ----a-w- c:\programme\D2\DII II\support\d2\realm.htm
2010-09-15 04:18 . 2010-09-15 04:18 1725 ----a-w- c:\programme\D2\DII II\support\d2\d2music.htm
2010-09-15 04:18 . 2010-09-15 04:18 2344 ----a-w- c:\programme\D2\DII II\support\d2\corpse.htm
2010-09-15 04:18 . 2010-09-15 04:18 15421 ----a-w- c:\programme\D2\DII II\support\d2\choppy.htm
2010-09-15 04:18 . 2010-09-15 04:18 1615 ----a-w- c:\programme\D2\DII II\support\d2\blckedge.htm
2010-09-15 04:18 . 2010-09-15 04:18 8082 ----a-w- c:\programme\D2\DII II\support\d2\accessv.htm
2010-09-15 04:18 . 2010-09-15 04:18 1654 ----a-w- c:\programme\D2\DII II\support\DSnet\general\symbols.htm
2010-09-15 04:18 . 2010-09-15 04:18 2264 ----a-w- c:\programme\D2\DII II\support\DSnet\errors\inuse.htm
2010-09-15 04:18 . 2010-09-15 04:18 120820 ----a-w- c:\programme\D2\DII II\xreadme.htm
2010-09-15 04:17 . 2010-09-15 04:18 62003804 ----a-w- c:\programme\D2\DII II\d2xtalk.mpq
2010-09-15 04:17 . 2010-09-15 04:17 250634963 ----a-w- c:\programme\D2\DII II\d2exp.mpq
2010-09-15 04:15 . 2010-09-15 04:16 348433635 ----a-w- c:\programme\D2\DII II\d2music.mpq
2010-09-15 04:11 . 2010-09-15 21:17 5865 ----a-w- c:\programme\D2\DII II\D2100915.txt
2010-09-15 04:11 . 2010-09-15 04:18 15304 ----a-w- c:\programme\D2\DII II\License.txt
2010-09-15 04:11 . 2005-08-17 01:12 2129920 ----a-w- c:\programme\D2\DII II\Game.exe
2010-09-15 04:11 . 2010-09-15 04:18 180224 ----a-w- c:\programme\D2\DII II\ijl11.dll
2010-09-15 04:11 . 2005-08-17 00:59 1138688 ----a-w- c:\programme\D2\DII II\D2Game.dll
2010-09-15 04:11 . 2005-08-17 01:02 180224 ----a-w- c:\programme\D2\DII II\D2VidTst.exe
2010-09-15 04:11 . 2005-08-17 00:55 98304 ----a-w- c:\programme\D2\DII II\D2sound.dll
2010-09-15 04:10 . 2010-09-15 04:18 95232 ----a-w- c:\programme\D2\DII II\SmackW32.dll
2010-09-15 04:10 . 2005-08-17 00:56 167936 ----a-w- c:\programme\D2\DII II\D2Launch.dll
2010-09-15 04:10 . 2005-08-17 00:54 372736 ----a-w- c:\programme\D2\DII II\Storm.dll
2010-09-15 04:10 . 2005-08-17 00:55 212992 ----a-w- c:\programme\D2\DII II\Fog.dll
2010-09-15 04:10 . 2010-09-15 04:18 45056 ----a-w- c:\programme\D2\DII II\DII.exe
2010-09-15 04:10 . 2005-08-17 00:56 143360 ----a-w- c:\programme\D2\DII II\D2Win.dll
2010-09-15 04:10 . 2005-08-17 00:55 49152 ----a-w- c:\programme\D2\DII II\D2Net.dll
2010-09-15 04:10 . 2005-08-17 00:56 126976 ----a-w- c:\programme\D2\DII II\D2Multi.dll
2010-09-15 04:10 . 2005-08-17 00:55 49152 ----a-w- c:\programme\D2\DII II\D2MCPClient.dll
2010-09-15 04:10 . 2005-08-17 00:55 77824 ----a-w- c:\programme\D2\DII II\D2Lang.dll
2010-09-15 04:10 . 2005-08-17 00:56 98304 ----a-w- c:\programme\D2\DII II\D2Glide.dll
2010-09-15 04:10 . 2005-08-17 00:55 77824 ----a-w- c:\programme\D2\DII II\D2gfx.dll
2010-09-15 04:10 . 2005-08-17 00:56 53248 ----a-w- c:\programme\D2\DII II\D2Gdi.dll
2010-09-15 04:10 . 2005-08-17 00:56 110592 ----a-w- c:\programme\D2\DII II\D2Direct3D.dll
2010-09-15 04:10 . 2005-08-17 00:56 69632 ----a-w- c:\programme\D2\DII II\D2DDraw.dll
2010-09-15 04:10 . 2005-08-17 00:58 679936 ----a-w- c:\programme\D2\DII II\D2Common.dll
2010-09-15 04:10 . 2005-08-17 00:55 159744 ----a-w- c:\programme\D2\DII II\D2CMP.dll
2010-09-15 04:10 . 2005-08-17 01:02 1093632 ----a-w- c:\programme\D2\DII II\D2Client.dll
2010-09-15 04:10 . 2010-09-15 04:10 1536 ----a-w- c:\programme\D2\DII II\D2.LNG
2010-09-15 04:10 . 2005-08-17 00:55 131072 ----a-w- c:\programme\D2\DII II\Bnclient.dll
2010-09-15 04:10 . 2010-09-15 04:18 200704 ----a-w- c:\programme\D2\DII II\binkw32.dll
2010-09-15 04:10 . 2010-09-15 04:10 176697998 ----a-w- c:\programme\D2\DII II\d2speech.mpq
2010-09-15 04:10 . 2010-09-15 04:11 51955649 ----a-w- c:\programme\D2\DII II\d2sfx.mpq
2010-09-15 04:09 . 2010-09-15 04:10 258361096 ----a-w- c:\programme\D2\DII II\d2data.mpq
2010-09-15 04:09 . 2010-09-15 04:18 2763 ----a-w- c:\programme\D2\DII II\support\include\support.css
2010-09-15 04:09 . 2010-09-15 04:09 5760 ----a-w- c:\programme\D2\DII II\support\images\winproxy\winproxy.gif
2010-09-15 04:09 . 2010-09-15 04:09 9639 ----a-w- c:\programme\D2\DII II\support\images\winproxy\wp3.gif
2010-09-15 04:09 . 2010-09-15 04:09 4317 ----a-w- c:\programme\D2\DII II\support\images\winproxy\wp2.gif
2010-09-15 04:09 . 2010-09-15 04:09 4326 ----a-w- c:\programme\D2\DII II\support\images\winproxy\wp1.gif
2010-09-15 04:09 . 2010-09-15 04:09 2895 ----a-w- c:\programme\D2\DII II\support\images\winproxy\sc3.gif
2010-09-15 04:09 . 2010-09-15 04:09 3632 ----a-w- c:\programme\D2\DII II\support\images\winproxy\sc2.gif
2010-09-15 04:09 . 2010-09-15 04:09 7582 ----a-w- c:\programme\D2\DII II\support\images\winproxy\sc1.gif
2010-09-15 04:09 . 2010-09-15 04:09 3824 ----a-w- c:\programme\D2\DII II\support\images\winproxy\sc.gif
2010-09-15 04:09 . 2010-09-15 04:09 5626 ----a-w- c:\programme\D2\DII II\support\images\wingate\wingate.gif
2010-09-15 04:09 . 2010-09-15 04:09 4408 ----a-w- c:\programme\D2\DII II\support\images\wingate\wg5.gif
2010-09-15 04:09 . 2010-09-15 04:09 4447 ----a-w- c:\programme\D2\DII II\support\images\wingate\wg4.gif
2010-09-15 04:09 . 2010-09-15 04:09 3998 ----a-w- c:\programme\D2\DII II\support\images\wingate\wg3.gif
2010-09-15 04:09 . 2010-09-15 04:09 5537 ----a-w- c:\programme\D2\DII II\support\images\wingate\wg2.gif
2010-09-15 04:09 . 2010-09-15 04:09 9609 ----a-w- c:\programme\D2\DII II\support\images\wingate\wg1.gif
2010-09-15 04:09 . 2010-09-15 04:09 2895 ----a-w- c:\programme\D2\DII II\support\images\wingate\sc3.gif
2010-09-15 04:09 . 2010-09-15 04:09 3632 ----a-w- c:\programme\D2\DII II\support\images\wingate\sc2.gif
2010-09-15 04:09 . 2010-09-15 04:09 7582 ----a-w- c:\programme\D2\DII II\support\images\wingate\sc1.gif
2010-09-15 04:09 . 2010-09-15 04:09 3824 ----a-w- c:\programme\D2\DII II\support\images\wingate\sc.gif
2010-09-15 04:09 . 2010-09-15 04:09 5865 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msproxy.gif
2010-09-15 04:09 . 2010-09-15 04:09 6897 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msp10.gif
2010-09-15 04:09 . 2010-09-15 04:09 8209 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msp9.gif
2010-09-15 04:09 . 2010-09-15 04:09 6182 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msp8.gif
2010-09-15 04:09 . 2010-09-15 04:09 2691 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msp7.gif
2010-09-15 04:09 . 2010-09-15 04:09 2705 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msp6.gif
2010-09-15 04:09 . 2010-09-15 04:09 2724 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msp5.gif
2010-09-15 04:09 . 2010-09-15 04:09 2705 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msp4.gif
2010-09-15 04:09 . 2010-09-15 04:09 5480 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msp3.gif
2010-09-15 04:09 . 2010-09-15 04:09 8180 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msp2.gif
2010-09-15 04:09 . 2010-09-15 04:09 7002 ----a-w- c:\programme\D2\DII II\support\images\msproxy\msp1.gif
2010-09-15 04:09 . 2010-09-15 04:09 3564 ----a-w- c:\programme\D2\DII II\support\images\msproxy\clnt4.gif
2010-09-15 04:09 . 2010-09-15 04:09 5385 ----a-w- c:\programme\D2\DII II\support\images\msproxy\clnt3.gif
2010-09-15 04:09 . 2010-09-15 04:09 6896 ----a-w- c:\programme\D2\DII II\support\images\msproxy\clnt2.gif
2010-09-15 04:09 . 2010-09-15 04:09 4106 ----a-w- c:\programme\D2\DII II\support\images\msproxy\clnt1.gif
2010-09-15 04:09 . 2010-09-15 04:09 3425 ----a-w- c:\programme\D2\DII II\support\images\char\war2bne.gif
2010-09-15 04:09 . 2010-09-15 04:09 1832 ----a-w- c:\programme\D2\DII II\support\images\char\sysop.gif
2010-09-15 04:09 . 2010-09-15 04:09 1539 ----a-w- c:\programme\D2\DII II\support\images\char\speaker.gif
2010-09-15 04:09 . 2010-09-15 04:09 2283 ----a-w- c:\programme\D2\DII II\support\images\char\sc.gif
2010-09-15 04:09 . 2010-09-15 04:09 1788 ----a-w- c:\programme\D2\DII II\support\images\char\referee.gif
2010-09-15 04:09 . 2010-09-15 04:09 2484 ----a-w- c:\programme\D2\DII II\support\images\char\mod.gif
2010-09-15 04:09 . 2010-09-15 04:09 2281 ----a-w- c:\programme\D2\DII II\support\images\char\medic.gif
2010-09-15 04:09 . 2010-09-15 04:09 1322 ----a-w- c:\programme\D2\DII II\support\images\char\ghood.gif
2010-09-15 04:09 . 2010-09-15 04:09 1783 ----a-w- c:\programme\D2\DII II\support\images\char\ds.gif
2010-09-15 04:09 . 2010-09-15 04:09 1510 ----a-w- c:\programme\D2\DII II\support\images\char\chat.gif
2010-09-15 04:09 . 2010-09-15 04:09 1938 ----a-w- c:\programme\D2\DII II\support\images\char\blizrep.gif
2010-09-15 04:09 . 2010-09-15 04:09 1534 ----a-w- c:\programme\D2\DII II\support\images\char\bhood.gif
2010-09-15 04:09 . 2010-09-15 04:09 586 ----a-w- c:\programme\D2\DII II\support\images\arrows\right.gif
2010-09-15 04:09 . 2010-09-15 04:09 587 ----a-w- c:\programme\D2\DII II\support\images\arrows\left.gif
2010-09-15 04:09 . 2010-09-15 04:09 283 ----a-w- c:\programme\D2\DII II\support\images\readme.gif
2010-09-15 04:09 . 2010-09-15 04:09 267 ----a-w- c:\programme\D2\DII II\support\images\proxy.gif
2010-09-15 04:09 . 2010-09-15 04:09 323 ----a-w- c:\programme\D2\DII II\support\images\lat.gif
2010-09-15 04:09 . 2010-09-15 04:09 2512 ----a-w- c:\programme\D2\DII II\support\images\d2.gif
2010-09-15 04:09 . 2010-09-15 04:18 85737 ----a-w- c:\programme\D2\DII II\support\images\d2logo.jpg
2010-09-15 04:09 . 2010-09-15 04:09 13612 ----a-w- c:\programme\D2\DII II\support\images\common.gif
2010-09-15 04:09 . 2010-09-15 04:09 1530 ----a-w- c:\programme\D2\DII II\support\images\cd.gif
2010-09-15 04:09 . 2010-09-15 04:09 1924 ----a-w- c:\programme\D2\DII II\support\images\bnet.gif
2010-09-15 04:09 . 2010-09-15 04:18 3769 ----a-w- c:\programme\D2\DII II\support\d2\windows.htm
2010-09-15 04:09 . 2010-09-15 04:18 2091 ----a-w- c:\programme\D2\DII II\support\d2\vid_mode.htm
2010-09-15 04:09 . 2010-09-15 04:18 30760 ----a-w- c:\programme\D2\DII II\support\d2\vendors.htm
2010-09-15 04:09 . 2010-09-15 04:18 1364 ----a-w- c:\programme\D2\DII II\support\d2\unique.htm
2010-09-15 04:09 . 2010-09-15 04:18 5051 ----a-w- c:\programme\D2\DII II\support\d2\terms.htm
2010-09-15 04:09 . 2010-09-15 04:18 3315 ----a-w- c:\programme\D2\DII II\support\d2\tech.htm
2010-09-15 04:09 . 2010-09-15 04:18 3971 ----a-w- c:\programme\D2\DII II\support\d2\msinfo.htm
2010-09-15 04:09 . 2010-09-15 04:18 4692 ----a-w- c:\programme\D2\DII II\support\d2\minreq.htm
2010-09-15 04:09 . 2010-09-15 04:18 13673 ----a-w- c:\programme\D2\DII II\support\d2\legalfaq.htm
2010-09-15 04:09 . 2010-09-15 04:18 3098 ----a-w- c:\programme\D2\DII II\support\d2\index.htm
2010-09-15 04:09 . 2010-09-15 04:18 12272 ----a-w- c:\programme\D2\DII II\support\d2\icontact.htm
2010-09-15 04:09 . 2010-09-15 04:18 2095 ----a-w- c:\programme\D2\DII II\support\d2\hardcore.htm
2010-09-15 04:09 . 2010-09-15 04:18 2570 ----a-w- c:\programme\D2\DII II\support\d2\errors.htm
2010-09-15 04:09 . 2010-09-15 04:18 3438 ----a-w- c:\programme\D2\DII II\support\d2\drivers.htm
2010-09-15 04:09 . 2010-09-15 04:18 2353 ----a-w- c:\programme\D2\DII II\support\d2\death.htm
2010-09-15 04:09 . 2010-09-15 04:18 4192 ----a-w- c:\programme\D2\DII II\support\d2\cr.htm
2010-09-15 04:09 . 2010-09-15 04:18 2160 ----a-w- c:\programme\D2\DII II\support\d2\contact.htm
2010-09-15 04:09 . 2010-09-15 04:18 34971 ----a-w- c:\programme\D2\DII II\support\d2\cd.htm
2010-09-15 04:09 . 2010-09-15 04:18 2554 ----a-w- c:\programme\D2\DII II\support\d2\alt_tab.htm
2010-09-15 04:09 . 2010-09-15 04:18 2691 ----a-w- c:\programme\D2\DII II\support\d2\altav.htm
2010-09-15 04:09 . 2010-09-15 04:09 1579 ----a-w- c:\programme\D2\DII II\support\bnet\general\symobls.htm
2010-09-15 04:09 . 2010-09-15 04:18 1399 ----a-w- c:\programme\D2\DII II\support\bnet\general\index.htm
2010-09-15 04:09 . 2010-09-15 04:18 2993 ----a-w- c:\programme\D2\DII II\support\bnet\general\harass.htm
2010-09-15 04:09 . 2010-09-15 04:18 1900 ----a-w- c:\programme\D2\DII II\support\bnet\general\chatboot.htm
2010-09-15 04:09 . 2010-09-15 04:18 2526 ----a-w- c:\programme\D2\DII II\support\bnet\errors\password.htm
2010-09-15 04:09 . 2010-09-15 04:18 2062 ----a-w- c:\programme\D2\DII II\support\bnet\errors\noname.htm
2010-09-15 04:09 . 2010-09-15 04:18 2517 ----a-w- c:\programme\D2\DII II\support\bnet\errors\manually.htm
2010-09-15 04:09 . 2010-09-15 04:18 2845 ----a-w- c:\programme\D2\DII II\support\bnet\errors\index.htm
2010-09-15 04:09 . 2010-09-15 04:18 1766 ----a-w- c:\programme\D2\DII II\support\bnet\errors\cdkey.htm
2010-09-15 04:09 . 2010-09-15 04:18 2717 ----a-w- c:\programme\D2\DII II\support\bnet\errors\appver.htm
2010-09-15 04:09 . 2010-09-15 04:18 1612 ----a-w- c:\programme\D2\DII II\support\bnet\errors\account.htm
2010-09-15 04:09 . 2010-09-15 04:18 1528 ----a-w- c:\programme\D2\DII II\support\bnet\errors\16bit.htm
2010-09-15 04:09 . 2010-09-15 04:18 3182 ----a-w- c:\programme\D2\DII II\support\bnet\latency.htm
2010-09-15 04:09 . 2010-09-15 04:18 1938 ----a-w- c:\programme\D2\DII II\support\bnet\index.htm
2010-09-15 04:09 . 2010-09-15 04:18 8354 ----a-w- c:\programme\D2\DII II\support\bnet\commands.htm
2010-09-15 04:09 . 2010-09-15 04:18 3379 ----a-w- c:\programme\D2\DII II\support\bnet\char.htm
2010-09-15 04:09 . 2010-09-15 04:18 5109 ----a-w- c:\programme\D2\DII II\support\bnet\channels.htm
2010-09-15 04:09 . 2010-09-15 04:18 2523 ----a-w- c:\programme\D2\DII II\support\index.htm
2010-09-15 04:09 . 2010-09-15 04:09 108411 ----a-w- c:\programme\D2\DII II\d2readme.htm
2010-09-15 04:07 . 2010-09-15 04:08 460922267 ----a-w- c:\programme\D2\DII\d2video.mpq
2010-09-15 04:05 . 2010-09-15 04:18 266912357 ----a-w- c:\programme\D2\DII\d2char.mpq
---- Directory of c:\programme\mbrola ----
2010-08-22 20:45 . 2004-08-11 07:33 9920 ----a-w- c:\programme\mbrola\de8\test\traum.pho
2010-08-22 20:45 . 2004-08-11 15:09 25 ----a-w- c:\programme\mbrola\de8\test\mbroli.ini
2010-08-22 20:45 . 2004-08-11 15:01 2955 ----a-w- c:\programme\mbrola\de8\de8.txt
2010-08-22 20:45 . 2004-08-11 15:12 1685 ----a-w- c:\programme\mbrola\de8\license.txt
2010-08-22 20:45 . 2004-08-11 15:05 10412936 ----a-w- c:\programme\mbrola\de8\de8
2010-08-22 20:45 . 2003-03-28 10:13 6312 ----a-w- c:\programme\mbrola\de7.txt
2010-08-22 20:45 . 2003-04-04 12:17 56593182 ----a-w- c:\programme\mbrola\de7
2010-08-22 20:45 . 2003-03-28 10:26 361 ----a-w- c:\programme\mbrola\test\spanish.pho
2010-08-22 20:44 . 2003-03-28 10:25 273 ----a-w- c:\programme\mbrola\test\kennen.pho
2010-08-22 20:44 . 2003-03-20 15:37 4354 ----a-w- c:\programme\mbrola\test\gale_loud.pho
2010-08-22 20:44 . 2003-03-20 15:37 2784 ----a-w- c:\programme\mbrola\test\gale_modal.pho
2010-08-22 20:44 . 2003-03-20 15:37 4354 ----a-w- c:\programme\mbrola\test\gale_soft.pho
2010-08-22 20:44 . 2003-04-04 16:59 676 ----a-w- c:\programme\mbrola\test\hallo.pho
2010-08-22 20:44 . 2003-03-28 10:24 338 ----a-w- c:\programme\mbrola\test\hoerzu.pho
2010-08-22 20:44 . 2003-03-28 10:18 528 ----a-w- c:\programme\mbrola\test\english.pho
2010-08-22 20:44 . 2003-03-28 10:20 363 ----a-w- c:\programme\mbrola\test\erzaehl.pho
2010-08-22 20:44 . 2003-03-28 10:23 450 ----a-w- c:\programme\mbrola\test\french.pho
2010-08-22 20:44 . 2002-11-05 17:17 351 ----a-w- c:\programme\mbrola\de6\TEST\spanish.pho
2010-08-22 20:44 . 2002-11-08 09:45 23 ----a-w- c:\programme\mbrola\de6\TEST\mbroli.ini
2010-08-22 20:44 . 2002-11-05 16:38 522 ----a-w- c:\programme\mbrola\de6\TEST\english.pho
2010-08-22 20:44 . 2002-11-05 16:22 358 ----a-w- c:\programme\mbrola\de6\TEST\erzaehl.pho
2010-08-22 20:44 . 2002-11-05 16:52 445 ----a-w- c:\programme\mbrola\de6\TEST\french.pho
2010-08-22 20:44 . 2002-11-05 16:18 335 ----a-w- c:\programme\mbrola\de6\TEST\hoerzu.pho
2010-08-22 20:44 . 2002-11-05 16:24 270 ----a-w- c:\programme\mbrola\de6\TEST\kennen.pho
2010-08-22 20:44 . 2002-11-25 13:13 1772 ----a-w- c:\programme\mbrola\de6\license.txt
2010-08-22 20:44 . 2002-11-25 13:13 6340 ----a-w- c:\programme\mbrola\de6\de6.txt
2010-08-22 20:44 . 2002-11-25 12:15 56671331 ----a-w- c:\programme\mbrola\de6\de6
2010-08-22 20:44 . 2002-11-05 09:26 4822 ----a-w- c:\programme\mbrola\de5\test\de5test.pho
2010-08-22 20:44 . 2002-11-07 09:47 23 ----a-w- c:\programme\mbrola\de5\test\mbroli.ini
2010-08-22 20:44 . 2002-11-05 09:41 5452 ----a-w- c:\programme\mbrola\de5\de5.txt
2010-08-22 20:44 . 2002-11-05 08:55 1729 ----a-w- c:\programme\mbrola\de5\license.txt
2010-08-22 20:44 . 2002-11-07 09:42 14243825 ----a-w- c:\programme\mbrola\de5\de5
2010-08-22 20:44 . 2002-08-12 08:51 4931 ----a-w- c:\programme\mbrola\de4.txt
2010-08-22 20:44 . 2002-10-17 10:12 1863 ----a-w- c:\programme\mbrola\license.txt
2010-08-22 20:44 . 2002-08-12 08:51 22267458 ----a-w- c:\programme\mbrola\de4
2010-08-22 20:44 . 2002-08-12 09:01 23 ----a-w- c:\programme\mbrola\test\mbroli.ini
2010-08-22 20:44 . 2002-08-12 08:53 2930 ----a-w- c:\programme\mbrola\test\de4.movies.pho
2010-08-22 20:44 . 2002-08-12 08:53 4538 ----a-w- c:\programme\mbrola\test\de4.tourdefrance.pho
2010-08-22 20:44 . 2000-03-07 10:31 6446 ----a-w- c:\programme\mbrola\de3\de3.txt
2010-08-22 20:44 . 2000-03-01 09:26 1740 ----a-w- c:\programme\mbrola\de3\license.txt
2010-08-22 20:44 . 2000-03-06 18:53 12588 ----a-w- c:\programme\mbrola\de3\TEST\de3tts.pho
2010-08-22 20:44 . 2000-03-07 10:46 5366 ----a-w- c:\programme\mbrola\de3\TEST\wetter.pho
2010-08-22 20:44 . 2000-03-06 17:52 4102 ----a-w- c:\programme\mbrola\de3\TEST\de3test.pho
2010-08-22 20:44 . 2000-03-07 10:45 877 ----a-w- c:\programme\mbrola\de3\TEST\demo.pho
2010-08-22 20:44 . 2000-03-01 09:24 23 ----a-w- c:\programme\mbrola\de3\TEST\mbroli.ini
2010-08-22 20:44 . 2000-03-01 08:48 11470107 ----a-w- c:\programme\mbrola\de3\de3
2010-08-22 20:44 . 1999-01-06 14:08 10447243 ----a-w- c:\programme\mbrola\de2\de2
2010-08-22 20:44 . 1999-01-06 14:41 7541 ----a-w- c:\programme\mbrola\de2\de2.txt
2010-08-22 20:44 . 1997-09-17 11:33 1740 ----a-w- c:\programme\mbrola\de2\license.txt
2010-08-22 20:44 . 1997-09-17 10:53 2355 ----a-w- c:\programme\mbrola\de2\TEST\lautern.pho
2010-08-22 20:44 . 1997-09-17 10:53 2695 ----a-w- c:\programme\mbrola\de2\TEST\tts.pho
2010-08-22 20:44 . 1997-10-16 08:12 24 ----a-w- c:\programme\mbrola\de2\TEST\mbroli.ini
2010-08-22 20:44 . 1997-08-18 12:26 8810 ----a-w- c:\programme\mbrola\de2\TEST\wetter.pho
2010-08-22 20:44 . 1997-10-16 07:12 24 ----a-w- c:\programme\mbrola\de1\TEST\mbroli.ini
2010-08-22 20:44 . 1996-09-27 07:47 5549 ----a-w- c:\programme\mbrola\de1\TEST\weather.pho
2010-08-22 20:44 . 1997-05-28 16:04 14489 ----a-w- c:\programme\mbrola\de1\TEST\wetter2.pho
2010-08-22 20:44 . 1997-05-27 15:44 14426 ----a-w- c:\programme\mbrola\de1\TEST\wetter2a.pho
2010-08-22 20:44 . 1996-09-27 07:42 1594 ----a-w- c:\programme\mbrola\de1\TEST\w1.pho
2010-08-22 20:44 . 1996-09-27 07:43 956 ----a-w- c:\programme\mbrola\de1\TEST\w5.pho
2010-08-22 20:44 . 1996-09-27 07:44 827 ----a-w- c:\programme\mbrola\de1\TEST\w6.pho
2010-08-22 20:44 . 1996-09-27 07:44 424 ----a-w- c:\programme\mbrola\de1\TEST\w7.pho
2010-08-22 20:44 . 1996-09-27 07:45 717 ----a-w- c:\programme\mbrola\de1\TEST\w8.pho
2010-08-22 20:44 . 1996-09-27 07:47 1031 ----a-w- c:\programme\mbrola\de1\TEST\w9.pho
2010-08-22 20:44 . 2002-03-19 12:42 5143 ----a-w- c:\programme\mbrola\de1\de1.txt
2010-08-22 20:44 . 2002-03-19 12:42 1677 ----a-w- c:\programme\mbrola\de1\license.txt
2010-08-22 20:44 . 1997-10-15 12:00 868 ----a-w- c:\programme\mbrola\de1\TEST\demo.pho
2010-08-22 20:44 . 2002-03-19 12:52 11456451 ----a-w- c:\programme\mbrola\de1\de1
2010-08-22 20:38 . 2010-08-22 20:38 9693603 ----a-w- c:\programme\mbrola\de8.zip
2010-08-22 20:33 . 2010-08-22 20:34 47642004 ----a-w- c:\programme\mbrola\de7.zip
2010-08-22 20:32 . 2010-08-22 20:33 48479957 ----a-w- c:\programme\mbrola\de6.zip
2010-08-22 20:31 . 2010-08-22 20:32 13134662 ----a-w- c:\programme\mbrola\de5.zip
2010-08-22 20:31 . 2010-08-22 20:31 19520969 ----a-w- c:\programme\mbrola\de4.zip
2010-08-22 20:30 . 2010-08-22 20:31 10486554 ----a-w- c:\programme\mbrola\de3-000307.zip
2010-08-22 20:30 . 2010-08-22 20:30 9463658 ----a-w- c:\programme\mbrola\de2-990106.zip
2010-08-22 20:30 . 2010-08-22 20:30 9946342 ----a-w- c:\programme\mbrola\de1-980227.zip
---- Directory of c:\programme\S.A.D ----
2006-10-23 12:54 . 2006-10-23 12:54 450560 ----a-w- c:\programme\S.A.D\Gamejack 6\HHActiveX.dll
2006-10-09 07:32 . 2006-10-09 07:32 2072962 ----a-w- c:\programme\S.A.D\Gamejack 6\GameJack 6.pdf
2006-10-09 07:28 . 2006-10-09 07:28 2117322 ----a-w- c:\programme\S.A.D\Gamejack 6\GameJack 6.chm
2006-10-06 10:46 . 2006-10-06 10:46 1490944 ----a-w- c:\programme\S.A.D\Gamejack 6\DVDArchive\gjarchiv.exe
2006-09-21 13:51 . 2006-09-21 13:51 2768896 ----a-w- c:\programme\S.A.D\Gamejack 6\Gamejack6.exe
2006-09-20 09:31 . 2006-09-20 09:31 1310720 ----a-w- c:\programme\S.A.D\Gamejack 6\BCGCB650.dll
2006-09-14 09:16 . 2006-09-14 09:16 122880 ----a-w- c:\programme\S.A.D\Gamejack 6\BugReport.exe
2006-09-01 15:50 . 2006-09-01 15:50 540672 ----a-w- c:\programme\S.A.D\Gamejack 6\RecDev.dll
2006-08-22 21:00 . 2006-08-22 21:00 122880 ----a-w- c:\programme\S.A.D\Gamejack 6\dvdchk.dll
2006-02-16 22:00 . 2006-02-16 22:00 608768 ----a-w- c:\programme\S.A.D\Gamejack 6\unidrv.msi
2006-01-24 12:29 . 2006-01-24 12:29 200704 ----a-w- c:\programme\S.A.D\Gamejack 6\wnaspi32.dll
2006-01-20 14:25 . 2006-01-20 14:25 217088 ----a-w- c:\programme\S.A.D\Gamejack 6\SoftCore.dll
2005-05-24 05:37 . 2005-05-24 05:37 1038848 ----a-w- c:\programme\S.A.D\Gamejack 6\dbghelp.dll
2005-05-11 13:44 . 2005-05-11 13:44 1466368 ----a-w- c:\programme\S.A.D\GameTuner\GameTuner.exe
2005-02-06 21:00 . 2005-02-06 21:00 212992 ----a-w- c:\programme\S.A.D\Gamejack 6\MXParser.dll
2004-07-02 16:07 . 2004-07-02 16:07 612236 ----a-w- c:\programme\S.A.D\GameTuner\GameTuner.pdf
2002-08-31 21:00 . 2002-08-31 21:00 51 ----a-w- c:\programme\S.A.D\Gamejack 6\DVDArchive\AUTORUN.INF
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^ICQ-Tools.de Launcher.lnk]
path=c:\dokumente und einstellungen\Admin\Startmenü\Programme\Autostart\ICQ-Tools.de Launcher.lnk
backup=c:\windows\pss\ICQ-Tools.de Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^MagicDisc.lnk]
path=c:\dokumente und einstellungen\Admin\Startmenü\Programme\Autostart\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 -c--a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2010-03-08 12:16 319574 ----a-w- c:\programme\IVT Corporation\BlueSoleil\BtTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2009-01-21 15:34 16712 ----a-r- c:\programme\Corel\Corel Paint Shop\DEMO\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2009-01-21 15:34 532808 ----a-r- c:\programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Draw Suite]
2009-04-23 13:51 691656 ----a-w- c:\programme\Draw Suite Lite\dst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-06 16:18 136176 ----atw- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 -c--a-w- c:\programme\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\programme\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883840 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\programme\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\programme\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\programme\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 08:17 434176 ----a-w- c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-18 06:25 1242448 ----a-w- c:\programme\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\programme\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VB]
2009-10-27 21:17 288560 ----a-w- c:\programme\VB\VBStudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2009-12-30 21:50 1561232 ----a-w- c:\programme\WebcamMax\WebcamMax.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"wuauserv"=2 (0x2)
"OMSI download service"=2 (0x2)
"BsMobileCS"=2 (0x2)
"BsHelpCS"=3 (0x3)
"BlueSoleilCS"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"PCAutoShutdown_Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\VB\\VBStudio.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\counter-strike beta\\hl.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\condition zero\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\day of defeat\\hl.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\deathmatch classic\\hl.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\ricochet\\hl.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\EA GAMES\\Need for Speed Underground 2\\Demo\\speed2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\counter-strike source\\hl2.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Programme\\mIRC\\mirc.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\dedicated server\\hlds.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\LFS\\LFS.exe"=
"c:\\Programme\\Counter Strike\\Counter-Strike 1.6\\hl.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\counter-strike\\hl.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17.06.2009 15:01 19592]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [25.04.2010 01:05 135336]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17.06.2009 15:02 29192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17.06.2009 15:01 25480]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [13.09.2010 19:08 31872]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.10.2009 20:01 1684736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [05.11.2009 08:01 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [05.11.2009 08:01 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [05.11.2009 08:01 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [05.11.2009 08:01 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [05.11.2009 08:01 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [05.11.2009 08:01 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [05.11.2009 08:01 109864]
S4 BsMobileCS;BsMobileCS;c:\programme\IVT Corporation\BlueSoleil\BsMobileCS.exe [09.03.2010 16:57 143467]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [16.04.2010 01:19 90112]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.10.2009 00:50 721904]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.facebook.de/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\dokumente und einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\ido3j2y7.default\
FF - prefs.js: browser.search.selectedEngine - heise Netze: Whois
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - plugin: c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\ido3j2y7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-22 09:53
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\HPZipm12.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-22 09:59:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-09-22 07:59
ComboFix2.txt 2010-09-21 12:58
Vor Suchlauf: 22 Verzeichnis(se), 49.868.935.168 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 49.772.617.728 Bytes frei
- - End Of File - - DE8417C1782FE9E07204F0475DCC114F
#2
/// Winkelfunktion /// TB-Süch-Tiger™
Java/Agent, + versch. Tr/... OK. Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to work the second time as well, simply leave it out and run only OSAM.
Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you must run the remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes to the MBR. Then please post whether there are any changes and, if so, in which device. Best to post everything that remover.exe outputs.
#3
Java/Agent, + versch. Tr/... Hello cosinus,
here, as you described, are the selected logs: GMER log:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-22 19:20:10
Windows 5.1.2600 Service Pack 3
Running: kb1jt3hq.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\ufldipob.sys
---- System - GMER 1.0.15 ----
SSDT F8DD6CDE ZwCreateKey
SSDT F8DD6CD4 ZwCreateThread
SSDT F8DD6CE3 ZwDeleteKey
SSDT F8DD6CED ZwDeleteValueKey
SSDT F8DD6CF2 ZwLoadKey
SSDT F8DD6CC0 ZwOpenProcess
SSDT F8DD6CC5 ZwOpenThread
SSDT F8DD6CFC ZwReplaceKey
SSDT F8DD6CF7 ZwRestoreKey
SSDT F8DD6CE8 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 428 804E2A94 4 Bytes CALL 90470805
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
? C:\DOKUME~1\Admin\LOKALE~1\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
? C:\cofi.exe\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DTS
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE8 0x5F 0x37 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0x46 0xD6 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1C 0x5D 0xFA 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5C 0x82 0xB7 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DTS\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE8 0x5F 0x37 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0x46 0xD6 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x9E 0x03 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x0C 0x51 0x4A 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DTS\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE8 0x5F 0x37 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0x46 0xD6 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1C 0x5D 0xFA 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5C 0x82 0xB7 0x1E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- EOF - GMER 1.0.15 ----
OSAM log: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:57:47 on 22.09.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.13
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle" - C:\WINDOWS\system32\javacpl.cpl
"mbrola.cpl" - "Multitel ASBL" - C:\WINDOWS\system32\mbrola.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
"speech.cpl" - "Microsoft" - C:\WINDOWS\system32\speech.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"WebSpeech" - "G DATA Software AG" - C:\PROGRA~1\GEMEIN~1\WEBSPE~1.0\LgxIEControl.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\WINDOWS\System32\Drivers\vbtenum.sys (File not found)
"Bluetooth HID Manager Service" (BTHidMgr) - ? - C:\WINDOWS\System32\Drivers\BTHidMgr.sys (File not found)
"Bluetooth PAN Bus Service" (btnetBUs) - ? - C:\WINDOWS\System32\Drivers\btnetBus.sys (File signed by Microsoft | File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\cofi.exe\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Driver for MagicISO SCSI Host Controller" (mcdbus) - "MagicISO, Inc." - C:\WINDOWS\System32\DRIVERS\mcdbus.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\Xander\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\WINDOWS\System32\drivers\npf.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"SCDEmu" (SCDEmu) - "PowerISO Computing, Inc." - C:\WINDOWS\system32\drivers\SCDEmu.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"SuperWebcam, WDM Virtual Video Capture Device" (SUPERWEBCAM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\superwebcam.sys
"ufldipob" (ufldipob) - ? - C:\DOKUME~1\Xander\LOKALE~1\Temp\ufldipob.sys (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{8AAA7E68-62C0-47D2-A290-FEA30B9F66A4} "VTFColExt Class" - "Neil 'Jed' Jedrzejewski" - C:\WINDOWS\system32\vtfcolumnext.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise Projects" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\NAMEEXT.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - "PowerISO Computing, Inc." - C:\Programme\PowerISO\PWRISOSH.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Oracle" - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Xander\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BlueSoleil Print Port" - "IVT Corporation" - C:\WINDOWS\system32\BsMonSvr.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll
"PrintPort" - ? - C:\WINDOWS\system32\emfxp.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"HID Input Service" (HidServ) - ? - C:\WINDOWS\System32\hidserv.dll (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Programme\WinPcap\rpcapd.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Bootkit Remover / screenshot:
#4 | /// Winkelfunktion /// TB-Süch-Tiger™
Please download MBRCheck (by a_d_13) and save the file on the desktop.
Please always post logfiles in CODE tags
#5
Here you go, the log file from MBRCheck: Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fd
Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C3E000 \WINDOWS\system32\KDCOM.DLL
0xF8B4E000 \WINDOWS\system32\BOOTVID.dll
0xF86EE000 ACPI.sys
0xF8C40000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF86DD000 pci.sys
0xF873E000 ohci1394.sys
0xF874E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF875E000 isapnp.sys
0xF8D06000 PCIIde.sys
0xF89BE000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF8C42000 intelide.sys
0xF876E000 MountMgr.sys
0xF86BE000 ftdisk.sys
0xF89C6000 PartMgr.sys
0xF877E000 VolSnap.sys
0xF86A6000 atapi.sys
0xF878E000 disk.sys
0xF879E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8686000 fltmgr.sys
0xF8674000 sr.sys
0xF865D000 KSecDD.sys
0xF864A000 WudfPf.sys
0xF85BD000 Ntfs.sys
0xF8590000 NDIS.sys
0xF87AE000 Combo-Fix.sys
0xF857C000 sfvfs02.sys
0xF89CE000 sfhlp02.sys
0xF856A000 sfdrv01.sys
0xF8550000 Mup.sys
0xF8B52000 BtHidBus.sys
0xF87EE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7F42000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF7F2E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7F06000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF8ACE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7EE2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8AD6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF87FE000 \SystemRoot\system32\DRIVERS\AN983.sys
0xF880E000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF8ADE000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF881E000 \SystemRoot\system32\DRIVERS\serial.sys
0xF84E6000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF882E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF883E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF884E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7EBF000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8AE6000 \SystemRoot\System32\Drivers\btnetBus.sys
0xF8AEE000 \SystemRoot\System32\Drivers\VcommMgr.sys
0xF8AF6000 \SystemRoot\System32\Drivers\IvtBtBus.sys
0xF8AFE000 \SystemRoot\system32\DRIVERS\superwebcam.sys
0xF885E000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF8E47000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF886E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF84DE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7EA8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF887E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF888E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8B0E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7E97000 \SystemRoot\system32\DRIVERS\psched.sys
0xF889E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8B16000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8B1E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF88AE000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B26000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8B2E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7E6F000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xF7E03000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF8C7C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7DA5000 \SystemRoot\system32\DRIVERS\update.sys
0xF84CE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF88CE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8B3E000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xAA1D1000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA1AD000 \SystemRoot\system32\drivers\portcls.sys
0xF88FE000 \SystemRoot\system32\drivers\drmk.sys
0xF891E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C88000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D81000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8C000 \SystemRoot\System32\Drivers\Beep.SYS
0xF89FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8A06000 \SystemRoot\System32\drivers\vga.sys
0xF8C8E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8C90000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8A0E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8A16000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C06000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA9678000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA961F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA95F7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA95D5000 \SystemRoot\System32\drivers\afd.sys
0xF893E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF8A1E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF894E000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xA94BA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA944A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF895E000 \SystemRoot\System32\Drivers\Fips.SYS
0xA93FC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF896E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF897E000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA93C1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF8C96000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA96BB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF899E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8A3E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA96B3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA96AB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF812C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA933A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C9C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA9505000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8A5E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8DA8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04D000 \SystemRoot\System32\igxpdv32.DLL
0xBF1AE000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA91E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA91DD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8F60000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA8F23000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9292000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8FF5000 \SystemRoot\system32\drivers\npf.sys
0xA8BD4000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9382000 \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\mbr.sys
0xA8913000 \SystemRoot\System32\Drivers\HTTP.sys
0xA938A000 \??\C:\cofi.exe\catchme.sys
0xF8CCA000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA8533000 \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\ufldipob.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 34):
0 System Idle Process
4 System
596 C:\WINDOWS\system32\smss.exe
644 csrss.exe
668 C:\WINDOWS\system32\winlogon.exe
716 C:\WINDOWS\system32\services.exe
728 C:\WINDOWS\system32\lsass.exe
896 C:\WINDOWS\system32\svchost.exe
952 svchost.exe
1020 C:\WINDOWS\system32\svchost.exe
1056 C:\WINDOWS\system32\svchost.exe
1192 svchost.exe
1248 svchost.exe
1352 C:\WINDOWS\system32\spoolsv.exe
1400 C:\Programme\Avira\AntiVir Desktop\sched.exe
1468 svchost.exe
1748 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1876 C:\WINDOWS\system32\svchost.exe
552 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
1232 alg.exe
2420 C:\WINDOWS\RTHDCPL.EXE
2520 C:\WINDOWS\system32\igfxtray.exe
2588 C:\WINDOWS\system32\hkcmd.exe
2648 C:\WINDOWS\system32\igfxpers.exe
2672 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2712 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
2052 C:\WINDOWS\explorer.exe
2704 C:\WINDOWS\system32\svchost.exe
3376 C:\WINDOWS\system32\ctfmon.exe
1160 C:\WINDOWS\system32\taskmgr.exe
2784 C:\Programme\Mozilla Firefox\firefox.exe
2492 C:\WINDOWS\system32\charmap.exe
2036 C:\WINDOWS\system32\notepad.exe
3616 C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST3160023AS, Rev: 3.00
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Done!
__________________ Regards, ©onsultant _______________________________________________ Guides, FAQs & Links | Guide: Reinstalling the System + Hardening |
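The MBRCheck output above reads the first sector of PhysicalDrive0, reports the partition at byte offset 0x7E00 (LBA 63 × 512) and prints a SHA1 so the boot code can be compared with known Windows XP code. The following is an added example, not MBRCheck's code and not from the original post: it parses a raw 512-byte MBR, verifies the 0x55AA signature, decodes the partition table, maps each start LBA to its byte offset, and hashes the 440-byte bootstrap area against a caller-supplied baseline. The sample MBR, its disk signature and sector count are constructed for the example; the region MBRCheck itself hashes is not documented on the page, so the 440-byte choice is an assumption.

```python
"""Added example: parse a raw MBR the way an MBR checker reads it.

Verifies the 0x55AA boot signature, decodes the four partition entries,
converts each start LBA to a byte offset (LBA 63 -> 0x7E00 as on the page),
and hashes the bootstrap code so it can be compared to known-good baselines.
The sample MBR is constructed for this example; it is not the poster's disk.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440            # bootstrap code precedes the 4-byte NT disk signature (assumed hash region)
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count
BOOT_SIG_OFF = 510


def parse_mbr(mbr: bytes) -> dict:
    """Return disk signature, non-empty partition entries and the boot-code SHA1."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * struct.calcsize(PART_ENTRY_FMT)
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(PART_ENTRY_FMT, mbr, off)
        if ptype == 0 and count == 0:
            continue                                   # unused slot
        if status not in (0x00, 0x80):
            raise ValueError("entry %d has invalid status byte 0x%02x" % (i, status))
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,                             # 0x07 = NTFS/exFAT/HPFS
            "start_lba": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,               # where the volume boot record lives
        })
    return {
        "disk_signature": disk_sig,
        "partitions": partitions,
        "bootcode_sha1": hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest().upper(),
    }


def classify_bootcode(mbr: bytes, baselines: dict) -> str:
    """Label the boot code by SHA1 against a {sha1: label} baseline, else 'unknown'.

    Baselines must come from clean installs of the same Windows version; an
    unknown hash is a lead for manual inspection, not proof of a bootkit."""
    return baselines.get(parse_mbr(mbr)["bootcode_sha1"], "unknown")


def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS partition starting at LBA 63 (offset 0x7E00)."""
    # 33 C0 8E D0 BC 00 7C = xor ax,ax / mov ss,ax / mov sp,0x7C00, a common MBR prologue
    bootcode = bytes.fromhex("33C08ED0BC007C").ljust(BOOTCODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1A2B3C4D)          # arbitrary NT disk signature (constructed)
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 312_475_585)               # sector count is a constructed ~149 GB value
    table = entry + b"\x00" * 48                       # three empty entries
    return bootcode + disk_sig + b"\x00\x00" + table + b"\x55\xaa"


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        print("partition %d: type 0x%02x, start LBA %d -> offset 0x%x, bootable=%s"
              % (p["index"], p["type"], p["start_lba"], p["byte_offset"], p["bootable"]))
    print("bootcode SHA1:", info["bootcode_sha1"])
```

On a live system the 512 bytes would come from reading `\\.\PhysicalDrive0` with administrator rights; the parser is kept separate from the read so that images dumped during forensics can be checked the same way.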
| | #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java/Agent, + versch. Tr/... Code:
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Remember to update both tools before the scan!!
| | #7 |
| Java/Agent, + versch. Tr/... Good, I will do that; I'll post the logs tomorrow since the scans take a while. Thanks.
| | #8 |
| Java/Agent, + versch. Tr/... Hello cosinus, I have now run the control scans again with Malwarebytes and SUPERAntiSpyware (unfortunately I have to disappoint you, since apparently a rootkit was found), and both reported hits. I'm posting the logs with screenshots below: Malwarebytes log: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4645
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
23.09.2010 15:16:15
LOG12345678.txt
Scan type: Full scan (C:\|)
Objects scanned: 254306
Time elapsed: 1 hour(s), 23 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
SCREENSHOT: [image] SUPERAntiSpyware log: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 09/23/2010 at 05:18 PM
Application Version : 4.43.1000
Core Rules Database Version : 5563
Trace Rules Database Version: 3375
Scan type : Complete Scan
Total Scan Time : 01:54:16
Memory items scanned : 498
Memory threats detected : 0
Registry items scanned : 7758
Registry threats detected : 1
File items scanned : 115116
File threats detected : 2
Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY
Adware.Tracking Cookie
cdn.eyewonder.com [ C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\ZP82H4ZU ]
www.adservercentral.info [ C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\ZP82H4ZU ]
SCREENSHOT: [image] P.S.: I have NOT yet deleted the hits in either scanner; thanks in advance for your suggested solution.
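Both logs in the post above flag the same item under different names: Malwarebytes reports `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify` as Disabled.SecurityCenter with Bad: (1) Good: (0), and SUPERAntiSpyware reports `HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY` as Disabled.SecurityCenterOption, plus two Flash tracking cookies. The following is an added example, not part of the thread and not code from either vendor: it normalizes the registry paths from both log formats (short hive name, `#` turned into `\`, case folded), finds the overlap, and buckets each finding by its category. The log excerpts embedded below are constructed from the lines on the page.

```python
"""Added example: correlate findings across a Malwarebytes log and a
SUPERAntiSpyware log. The excerpts are constructed from the page's lines."""
import re

MBAM_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
"""

SAS_LOG = r"""
Registry threats detected : 1
File items scanned : 115116
File threats detected : 2
Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY
Adware.Tracking Cookie
cdn.eyewonder.com [ C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\ZP82H4ZU ]
www.adservercentral.info [ C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\ZP82H4ZU ]
"""

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_USERS": "HKU", "HKEY_CLASSES_ROOT": "HKCR"}

# MBAM data-item line: <path> (<category>) -> Bad: (<v>) Good: (<v>) -> <action>
MBAM_REG_LINE = re.compile(
    r"^(HK.+?) \(([^)]+)\) -> Bad: \(([^)]*)\) Good: \(([^)]*)\) -> (.+)$")


def norm_regpath(path: str) -> str:
    """Canonical form: short hive name, '\\' between key and value (SAS uses '#'), upper case."""
    hive, _, rest = path.partition("\\")
    hive = HIVES.get(hive.upper(), hive.upper())
    return hive + "\\" + rest.replace("#", "\\").upper()


def mbam_findings(log: str) -> dict:
    """Map normalized registry path -> {category, bad, good, action} from an MBAM log."""
    found = {}
    for line in log.splitlines():
        m = MBAM_REG_LINE.match(line.strip())
        if m:
            path, category, bad, good, action = m.groups()
            found[norm_regpath(path)] = {"category": category, "bad": bad,
                                          "good": good, "action": action}
    return found


def sas_findings(log: str) -> dict:
    """Map item -> category from a SAS log, where a category line precedes its items."""
    found, category, in_results = {}, None, False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not in_results:                       # results follow the summary counters
            in_results = line.startswith("File threats detected")
            continue
        if line.upper().startswith("HK"):
            found[norm_regpath(line)] = category
        elif " [ " in line:                      # cookie/file item: "<name> [ <path> ]"
            found[line.split(" [ ", 1)[0]] = category
        else:
            category = line
    return found


def overlap(mbam_log: str, sas_log: str) -> list:
    """Items both scanners reported, after normalization."""
    return sorted(set(mbam_findings(mbam_log)) & set(sas_findings(sas_log)))


def triage(category: str) -> str:
    """Rough bucket from the detection category name (assumed naming conventions)."""
    if category.startswith("Disabled."):
        return "setting"          # a Security Center notification flag, not a file or process
    if "Tracking Cookie" in category:
        return "cookie"
    return "review"


if __name__ == "__main__":
    for item in overlap(MBAM_LOG, SAS_LOG):
        print("both scanners:", item, "->", triage(sas_findings(SAS_LOG)[item]))
```

Running it against the excerpts yields one shared item, the UpdatesDisableNotify value, bucketed as a setting; the cookies appear only in the SAS log. Feeding the full logs instead of the excerpts works the same way.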
| | #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java/Agent, + versch. Tr/... Quote:
Quote:
__________________ Please always post logfiles in CODE tags |
| | #10 |
| Java/Agent, + versch. Tr/... Evening, good, thanks for the hint [image] No, no further hits; the AV program has gone quiet again too. THX for the great support!
| | #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java/Agent, + versch. Tr/... Then we're done! [image]

Finally, please check your updates; my guide is below. For extra security, now that the infection has been removed you should also change all your passwords, as far as possible.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update your PDF reader
Your Adobe Reader is not current, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you're at it, please also check that your Flash Player is current; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
| | #12 |
| Java/Agent, + versch. Tr/... Quote:
Good, everything is up to date; thanks for the tips!
| Topics on Java/Agent, + versch. Tr/... |
| 0 bytes, antivir, antivir guard, avira, bho, converter, dllhost.exe, settings, eudora, excel, firefox, question, helper, hijack, hijackthis, hkus\s-1-5-18, internet explorer, java virus, jusched.exe, mp3, msiexec.exe, notepad.exe, nt.dll, plug-in, problem, program, process, processes, registry, scan, services.exe, shortcut, software, svchost.exe, hidden objects, references, virus found, warning, windows |