|
Log-Analyse und Auswertung: Trend Micro meldet Trojaner und Wurm!!! HilfeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.12.2010, 13:45 | #1 |
| Trend Micro meldet Trojaner und Wurm!!! Hilfe Folgende Meldung kriege ich von Trend Micro: Datum/Uhrzeit,Betroffene Dateien,Bedrohung,Maßnahme 03.12.2010 11:30,H:\Autorun.inf,TROJ_AUTORUN.BNA,Neustart erforderlich 03.12.2010 12:12,H:\Autorun.inf,TROJ_AUTORUN.BNA,Neustart erforderlich 03.12.2010 12:17,H:\Autorun.inf,TROJ_AUTORUN.BNA,Neustart erforderlich 03.12.2010 12:21,H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,WORM_DOWNAD.AD,Neustart erforderlich 03.12.2010 13:02,H:\autorun.inf,TROJ_AUTORUN.BNA,Neustart erforderlich 03.12.2010 13:16,H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,WORM_DOWNAD.AD,Neustart erforderlich Hier das Highjack this Logfile: Bitte um Hilfe. Habe das Problem auf meinem XP Rechnergehabt und habe es jetzt auf meinen W7 Rechner: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:38:05, on 03.12.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9689 bytes |
03.12.2010, 14:11 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro meldet Trojaner und Wurm!!! Hilfe Hallo und
__________________Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
03.12.2010, 15:41 | #3 |
| Trend Micro meldet Trojaner und Wurm!!! Hilfe Danke Arne für die schnelle Antwort. Unten die Log-Files: Zur Info: H: ist meine externe Festplatte mit allen wichtigen Daten. Wenn ich sie anschliepe kommen die Warnmeldungen. Habe aber noch nichts von der Platte auf diesen Rechner kopiert. In unserem Haushalt sind noch ein xp und ein vista Rechner. Alle müssten betroffen sein:
__________________Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Datenbank Version: 5237 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 03.12.2010 15:27:28 mbam-log-2010-12-03 (15-27-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|) Durchsuchte Objekte: 287413 Laufzeit: 1 Stunde(n), 8 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.12.2010 15:30:53 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Micha\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 53,58 Gb Total Space | 32,01 Gb Free Space | 59,74% Space Free | Partition Type: NTFS Drive E: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive F: | 239,26 Gb Total Space | 239,16 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive G: | 11,75 Gb Total Space | 11,67 Gb Free Space | 99,27% Space Free | Partition Type: NTFS Drive H: | 232,88 Gb Total Space | 20,72 Gb Free Space | 8,90% Space Free | Partition Type: NTFS Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Micha\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe () PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Micha\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation) SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\DRIVERS\RxFilter.sys File not found DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.) DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.) DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics) DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdflt.sys (ST Microelectronics) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC) DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (US122WdmService) -- C:\Windows\SysNative\drivers\US122Wdmx64.sys (Frontier Design Group, LLC) DRV:64bit: - (US122DL) -- C:\Windows\SysNative\drivers\US122DLx64.sys (Frontier Design Group) DRV:64bit: - (US122) -- C:\Windows\SysNative\drivers\US122x64.sys (Frontier Design Group, LLC) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.sueddeutsche.de" FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010.12.03 10:58:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.03 11:34:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.03 13:52:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.03 12:01:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.03 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions [2010.12.03 12:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.12.03 12:26:26 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\rnttwbbn.default\extensions [2010.12.03 12:26:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\rnttwbbn.default\extensions\youtube2mp3@mondayx.de [2010.12.03 11:55:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.12.03 11:55:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe () O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe () O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk H:\ O34 - HKLM BootExecute: (C:\Windows\DCEBoot64.exe) - C:\Windows\DCEBoot64.exe () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (Boot\Option) - File not found O34 - HKLM BootExecute: (oot\Option) - File not found O34 - HKLM BootExecute: (tions\DllNXOptions) - File not found O34 - HKLM BootExecute: (e) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.03 14:20:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe [2010.12.03 14:18:45 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Malwarebytes [2010.12.03 14:18:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.03 14:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.03 14:18:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.03 14:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.03 14:16:49 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Micha\Desktop\mbam-setup.exe [2010.12.03 14:09:09 | 000,555,008 | ---- | C] (Tascam) -- C:\Windows\SysNative\US122cp.cpl [2010.12.03 14:09:09 | 000,223,232 | ---- | C] (TASCAM) -- C:\Windows\SysNative\U122_A24x64.DLL [2010.12.03 14:09:08 | 000,223,232 | ---- | C] (TASCAM) -- C:\Windows\SysNative\U122_A16x64.DLL [2010.12.03 14:09:08 | 000,200,320 | ---- | C] (Frontier Design Group, LLC) -- C:\Windows\SysNative\drivers\US122x64.sys [2010.12.03 14:09:08 | 000,172,032 | ---- | C] (TASCAM) -- C:\Windows\SysWow64\U122_A24.DLL [2010.12.03 14:09:08 | 000,172,032 | ---- | C] (TASCAM) -- C:\Windows\SysWow64\U122_A16.DLL [2010.12.03 14:09:08 | 000,062,976 | ---- | C] (Frontier Design Group, LLC) -- C:\Windows\SysNative\drivers\US122Wdmx64.sys [2010.12.03 14:09:08 | 000,020,224 | ---- | C] (Frontier Design Group) -- C:\Windows\SysNative\drivers\US122DLx64.sys [2010.12.03 14:09:08 | 000,000,000 | ---D | C] -- C:\Programme\US122 [2010.12.03 14:08:52 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\US122_Win_3.40f [2010.12.03 14:05:32 | 000,409,664 | ---- | C] (TASCAM) -- C:\Windows\SysNative\drivers\tascusb2.sys [2010.12.03 14:05:32 | 000,050,240 | ---- | C] (TASCAM) -- C:\Windows\SysNative\drivers\tscusb2a.sys [2010.12.03 14:05:32 | 000,031,296 | ---- | C] (TASCAM) -- C:\Windows\SysNative\drivers\tscusb2m.sys [2010.12.03 14:05:03 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\TASCAM_USB2_X64_2.02 [2010.12.03 14:04:55 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\WinRAR [2010.12.03 14:02:52 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2010.12.03 14:02:09 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Macromedia [2010.12.03 14:02:09 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Adobe [2010.12.03 13:52:43 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Micha\Desktop\install_flash_player.exe [2010.12.03 13:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010.12.03 13:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010.12.03 13:52:27 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Adobe [2010.12.03 13:52:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.12.03 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Diagnostics [2010.12.03 13:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.12.03 13:27:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Micha\Desktop\HiJackThis204.exe [2010.12.03 13:03:25 | 002,457,600 | ---- | C] (Trend Micro Inc.) -- C:\Users\Micha\Desktop\RootkitBuster.exe [2010.12.03 12:01:10 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Thunderbird [2010.12.03 12:01:10 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Thunderbird [2010.12.03 12:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2010.12.03 11:57:47 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\OpenOffice.org [2010.12.03 11:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE [2010.12.03 11:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2010.12.03 11:54:10 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\OpenOffice.org 3.2 (de) Installation Files [2010.12.03 11:36:18 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Mozilla [2010.12.03 11:36:18 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Mozilla [2010.12.03 11:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.12.03 11:29:29 | 037,719,448 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Micha\Desktop\AdbeRdr1000_de_DE.exe [2010.12.03 11:25:53 | 009,278,632 | ---- | C] (Mozilla) -- C:\Users\Micha\Desktop\Thunderbird_Setup_3.1.6.exe [2010.12.03 11:16:04 | 008,402,944 | ---- | C] (Mozilla) -- C:\Users\Micha\Desktop\Firefox_Setup_3.6.12.exe [2010.12.03 11:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.12.03 11:04:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.12.03 11:04:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.12.03 11:04:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.12.03 10:58:32 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys [2010.12.03 10:58:28 | 000,067,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys [2010.12.03 10:58:27 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys [2010.12.03 10:58:27 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys [2010.12.03 10:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro [2010.12.03 10:55:14 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.12.03 07:46:04 | 000,000,000 | -HSD | C] -- C:\System Recovery [2010.12.03 07:44:51 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Dell [2010.12.03 07:44:39 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Stardock_Corporation [2010.12.03 07:44:39 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Roxio [2010.12.03 07:44:37 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\ATI [2010.12.03 07:44:37 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\ATI [2010.12.03 07:44:34 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\SupportSoft [2010.12.03 07:44:17 | 000,000,000 | R--D | C] -- C:\Users\Micha\Searches [2010.12.03 07:44:07 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Identities [2010.12.03 07:44:03 | 000,000,000 | R--D | C] -- C:\Users\Micha\Contacts [2010.12.03 07:44:01 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\VirtualStore [2010.12.03 07:40:18 | 000,000,000 | --SD | C] -- C:\Users\Micha\AppData\Roaming\Microsoft [2010.12.03 07:40:18 | 000,000,000 | R--D | C] -- C:\Users\Micha\Videos [2010.12.03 07:40:18 | 000,000,000 | R--D | C] -- C:\Users\Micha\Saved Games [2010.12.03 07:40:18 | 000,000,000 | R--D | C] -- C:\Users\Micha\Pictures [2010.12.03 07:40:18 | 000,000,000 | R--D | C] -- C:\Users\Micha\Music [2010.12.03 07:40:18 | 000,000,000 | R--D | C] -- C:\Users\Micha\Links [2010.12.03 07:40:18 | 000,000,000 | R--D | C] -- C:\Users\Micha\Favorites [2010.12.03 07:40:18 | 000,000,000 | R--D | C] -- C:\Users\Micha\Downloads [2010.12.03 07:40:18 | 000,000,000 | R--D | C] -- C:\Users\Micha\Documents [2010.12.03 07:40:18 | 000,000,000 | R--D | C] -- C:\Users\Micha\Desktop [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Vorlagen [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\AppData\Local\Verlauf [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\AppData\Local\Temporary Internet Files [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Startmenü [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\SendTo [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Recent [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Netzwerkumgebung [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Lokale Einstellungen [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Documents\Eigene Videos [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Documents\Eigene Musik [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Eigene Dateien [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Documents\Eigene Bilder [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Druckumgebung [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Cookies [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\AppData\Local\Anwendungsdaten [2010.12.03 07:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Anwendungsdaten [2010.12.03 07:40:18 | 000,000,000 | -H-D | C] -- C:\Users\Micha\AppData [2010.12.03 07:40:18 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Temp [2010.12.03 07:40:18 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\SoftThinks [2010.12.03 07:40:18 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Microsoft [2010.12.03 07:40:18 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Media Center Programs [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\Programme [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.12.03 07:40:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten ========== Files - Modified Within 30 Days ========== [2010.12.03 15:31:55 | 000,012,800 | ---- | M] () -- C:\Windows\DCEBoot64.exe [2010.12.03 15:31:55 | 000,002,388 | ---- | M] () -- C:\Windows\DCEBOOT.CFG [2010.12.03 14:20:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe [2010.12.03 14:18:31 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.03 14:16:49 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Micha\Desktop\mbam-setup.exe [2010.12.03 14:08:40 | 001,266,697 | ---- | M] () -- C:\Users\Micha\Desktop\US122_Win_3.40f.zip [2010.12.03 14:02:35 | 001,618,487 | ---- | M] () -- C:\Users\Micha\Desktop\winrar-x64-393d.exe [2010.12.03 13:53:19 | 001,444,057 | ---- | M] () -- C:\Users\Micha\Desktop\wrar393d.exe [2010.12.03 13:52:44 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Micha\Desktop\install_flash_player.exe [2010.12.03 13:52:41 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.12.03 13:28:45 | 000,002,975 | ---- | M] () -- C:\Users\Micha\Desktop\HiJackThis.lnk [2010.12.03 13:27:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Micha\Desktop\HiJackThis204.exe [2010.12.03 13:25:25 | 001,502,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.03 13:25:25 | 000,655,278 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.03 13:25:25 | 000,618,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.03 13:25:25 | 000,130,146 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.03 13:25:25 | 000,107,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.03 13:25:18 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.03 13:25:18 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.03 13:18:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.03 13:18:02 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys [2010.12.03 13:09:26 | 001,402,880 | ---- | M] () -- C:\Users\Micha\Desktop\HiJackThis.msi [2010.12.03 13:03:27 | 002,457,600 | ---- | M] (Trend Micro Inc.) -- C:\Users\Micha\Desktop\RootkitBuster.exe [2010.12.03 12:22:47 | 000,337,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.03 12:18:14 | 000,000,129 | ---- | M] () -- C:\Users\Micha\Desktop\log.CSV [2010.12.03 12:14:18 | 000,109,267 | ---- | M] () -- C:\Users\Micha\Desktop\adress.ldif [2010.12.03 11:58:08 | 000,001,237 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010.12.03 11:56:24 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.12.03 11:53:35 | 166,059,192 | ---- | M] () -- C:\Users\Micha\Desktop\OOo_3.2.1_Win_x86_install-wJRE_de.exe [2010.12.03 11:29:29 | 037,719,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Micha\Desktop\AdbeRdr1000_de_DE.exe [2010.12.03 11:25:59 | 009,278,632 | ---- | M] (Mozilla) -- C:\Users\Micha\Desktop\Thunderbird_Setup_3.1.6.exe [2010.12.03 11:16:14 | 008,402,944 | ---- | M] (Mozilla) -- C:\Users\Micha\Desktop\Firefox_Setup_3.6.12.exe [2010.12.03 10:51:20 | 000,144,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys [2010.12.03 10:51:20 | 000,105,552 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys [2010.12.03 10:51:20 | 000,090,704 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys [2010.12.03 10:51:20 | 000,067,664 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys [2010.12.03 10:50:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.12.03 07:44:40 | 000,001,980 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010.12.03 07:43:25 | 000,052,870 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.12.03 07:43:25 | 000,052,870 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2010.12.03 14:18:31 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.03 14:08:40 | 001,266,697 | ---- | C] () -- C:\Users\Micha\Desktop\US122_Win_3.40f.zip [2010.12.03 14:02:34 | 001,618,487 | ---- | C] () -- C:\Users\Micha\Desktop\winrar-x64-393d.exe [2010.12.03 13:53:18 | 001,444,057 | ---- | C] () -- C:\Users\Micha\Desktop\wrar393d.exe [2010.12.03 13:52:41 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.12.03 13:28:45 | 000,002,975 | ---- | C] () -- C:\Users\Micha\Desktop\HiJackThis.lnk [2010.12.03 13:09:25 | 001,402,880 | ---- | C] () -- C:\Users\Micha\Desktop\HiJackThis.msi [2010.12.03 12:18:14 | 000,000,129 | ---- | C] () -- C:\Users\Micha\Desktop\log.CSV [2010.12.03 12:14:41 | 000,109,267 | ---- | C] () -- C:\Users\Micha\Desktop\adress.ldif [2010.12.03 11:58:08 | 000,001,237 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010.12.03 11:56:24 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.12.03 11:52:12 | 166,059,192 | ---- | C] () -- C:\Users\Micha\Desktop\OOo_3.2.1_Win_x86_install-wJRE_de.exe [2010.12.03 11:30:44 | 000,012,800 | ---- | C] () -- C:\Windows\DCEBoot64.exe [2010.12.03 11:30:44 | 000,002,388 | ---- | C] () -- C:\Windows\DCEBOOT.CFG [2010.12.03 10:50:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.12.03 07:44:40 | 000,001,980 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.12.2010 15:30:53 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Micha\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 53,58 Gb Total Space | 32,01 Gb Free Space | 59,74% Space Free | Partition Type: NTFS Drive E: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive F: | 239,26 Gb Total Space | 239,16 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive G: | 11,75 Gb Total Space | 11,67 Gb Free Space | 99,27% Space Free | Partition Type: NTFS Drive H: | 232,88 Gb Total Space | 20,72 Gb Free Space | 8,90% Space Free | Partition Type: NTFS Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security "{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64 "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "DW WLAN Card Utility" = DW WLAN Card Utility "SynTPDeinstKey" = Dell Touchpad "US122 Driver_is1" = US122 Driver 3.40 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian "{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding "{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish "{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All "{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch "{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static "{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese "{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing "{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista "{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy "{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation "{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean "{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Dell Dock" = Dell Dock "Dell Webcam Central" = Dell Webcam Central "GoToAssist" = GoToAssist 8.0.0.514 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.12.2010 02:48:31 | Computer Name = Micha-PC | Source = RasClient | ID = 20227 Description = Error - 03.12.2010 04:16:29 | Computer Name = Micha-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 03.12.2010 04:18:49 | Computer Name = Micha-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. Error - 03.12.2010 05:52:52 | Computer Name = Micha-PC | Source = McLogEvent | ID = 5004 Description = Error - 03.12.2010 05:52:52 | Computer Name = Micha-PC | Source = McLogEvent | ID = 5022 Description = Error - 03.12.2010 05:52:52 | Computer Name = Micha-PC | Source = McLogEvent | ID = 5004 Description = Error - 03.12.2010 05:52:52 | Computer Name = Micha-PC | Source = McLogEvent | ID = 5022 Description = Error - 03.12.2010 05:53:51 | Computer Name = Micha-PC | Source = EventSystem | ID = 4621 Description = Error - 03.12.2010 05:55:16 | Computer Name = Micha-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Micha\Desktop\TTi_MR_Download\Vizor32\VizorUniclientLibrary.dll". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Broadcom Wireless LAN Events ] Error - 03.12.2010 02:44:59 | Computer Name = Micha-PC | Source = WLAN-Tray | ID = 0 Description = 07:44:59, Fri, Dec 03, 10 Error - Unable to get current user admin status Error - 03.12.2010 02:46:01 | Computer Name = Micha-PC | Source = WLAN-Tray | ID = 0 Description = 07:46:01, Fri, Dec 03, 10 Error - Unable to get current user admin status Error - 03.12.2010 02:47:37 | Computer Name = Micha-PC | Source = WLAN-Tray | ID = 0 Description = 07:47:37, Fri, Dec 03, 10 Error - Unable to switch user context, authentication information not set correctly < End of report > |
03.12.2010, 21:07 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro meldet Trojaner und Wurm!!! Hilfe Hat MBAM wirklick nichts gefunden oder ist das nur das letzte Log (ohne Funde)?
__________________ Logfiles bitte immer in CODE-Tags posten |
04.12.2010, 11:33 | #5 |
| Trend Micro meldet Trojaner und Wurm!!! Hilfe Weiß nicht genau was du meinst. Ich habe einen vollständigen Systemscan gemacht und das war das Ergebnis. Gruß, Micha |
04.12.2010, 17:56 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro meldet Trojaner und Wurm!!! Hilfe Meine Frage war, ob du in der Vergangenheit schon mit MBAM gescannt hast und wenn ja, ob da Funde bei waren.
__________________ --> Trend Micro meldet Trojaner und Wurm!!! Hilfe |
Themen zu Trend Micro meldet Trojaner und Wurm!!! Hilfe |
adobe, bho, dateien, desktop, explorer, firefox, highjack this, hijack, hijackthis, internet, internet explorer, logfile, lsass.exe, microsoft, mozilla, mozilla thunderbird, neustart, notification, plug-in, problem, security, software, syswow64, temp, trojaner, windows, wlan, wmp, wurm |