Pests of all kinds and their removal: system tools on my computer (Windows 7)
#1
system tools on my computer

Hello board! Yesterday I caught the malware "System Tool". I have already tried twice, without success, to run Kaspersky over it (the PC crashed after a while each time). After reading up a bit here on the board I have now run Malwarebytes and OTL. All of this in Safe Mode, since I don't see any symptoms of the program there. Attached are the logs from the programs; I hope you can help me get rid of this nuisance. Regards, gobis

Extras.txt
Code:
ATTFilter OTL Extras logfile created on: 01.03.2011 22:41:53 - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\XXX\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free 7,00 Gb Paging File | 7,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 295,37 Gb Total Space | 7,10 Gb Free Space | 2,40% Space Free | Partition Type: NTFS Computer Name: JHOME | User Name: XXX | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00106F6E-29AA-4F6A-B5F2-04A13DFEF6A5}" = RSDLite 
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10 "{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011 "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-In für Microsoft Office "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "{4D530942-9B89-4186-98B7-F51000000100}" = Project S "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! 
Cam Avatar Creator "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{6FBB206A-202A-4BCB-8692-9B4F4FD4F7EC}" = WinRar3.70 "{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}" = MotoConnect "{7DD78AA2-282E-46ED-B1CC-3F76E27EB72A}" = Mediapiraten "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B6AF23DB-4FFA-4760-B003-00C505F39F98}" = Markstrat Team "{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools "{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi Software "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5 "{F1D93912-492C-4DB1-B050-425E8DC0220A}" = Motorola Driver Installation 4.4.0 "{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0 "ACE LoL Client" = League of Legends - ACE Client by Matricus "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "AMP WinOFF" = AMP WinOFF "Anki" = Anki "Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.06 "Assassin's Creed 2_is1" = Black_Box v1 "Avidemux 2.5" = Avidemux 2.5 "CamStudio" = CamStudio "CCleaner" = CCleaner "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "Darksiders_is1" = Darksiders "Dell Webcam Center" = Dell Webcam Center "Dell Webcam Manager" = Dell Webcam Manager "DivX 
Setup.divx.com" = DivX-Setup "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31 "Game Booster_is1" = Game Booster "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "GFWL_{4D530942-9B89-4186-98B7-F51000000100}" = Project S "GPL Ghostscript 8.63" = GPL Ghostscript 8.63 "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "JDownloader" = JDownloader "Kyocera Product Library" = Kyocera Product Library "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Media Center 14" = Media Center 14 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "Mp3tag" = Mp3tag v2.42 "MPE" = MyPhoneExplorer "Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Oblivion mod manager_is1" = Oblivion mod manager 1.1.9 "Opera 11.01.1190" = Opera 11.01 "Partisan_is1" = Partisan "Picasa 3" = Picasa 3 "ProInst" = Intel PROSet Wireless "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "RocketDock_is1" = RocketDock 1.3.5 "RouterControl" = RouterControl 1.91 "R-Studio 5.1NSIS" = R-Studio 5.1 "Runic Games Torchlight" = Torchlight "SopCast" = SopCast 3.2.9 
"Soulseek2" = SoulSeek 157 NS 13d "Steam App 10" = Counter-Strike "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Trillian" = Trillian "TVUPlayer" = TVUPlayer 2.5.3.1 "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.5 "Warcraft III" = Warcraft III "WinGimp-2.0_is1" = GIMP 2.6.9 "WMV9_VCM" = Microsoft Windows Media Video 9 VCM ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > OTL.txt Code:
ATTFilter OTL logfile created on: 01.03.2011 22:41:53 - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\XXX\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free 7,00 Gb Paging File | 7,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 295,37 Gb Total Space | 7,10 Gb Free Space | 2,40% Space Free | Partition Type: NTFS Computer Name: XXXX | User Name: XXX | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (VC10SecS) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH) SRV - (Media Center 14 Service) -- C:\Program Files\J River\Media Center 14\JRService.exe (J. 
River, Inc.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV - (NETwLv32) Intel(R) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt () DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) 
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola) DRV - (vdrv1000) -- C:\Windows\System32\drivers\vdrv1000.sys (H+H Software GmbH) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (androidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola) DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola) DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc) DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola) DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc) DRV - (HH10Help.sys) -- C:\Windows\System32\drivers\HH10Help.sys (H+H Software GmbH) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) 
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (sfng32) -- C:\Windows\System32\drivers\sfng32.sys (Sonic Focus, Inc) DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15446&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F E1 44 00 4E DA CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.grepolis.com/" FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1 FF - prefs.js..extensions.enabledItems: 
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 23:49:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 23:49:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 18:18:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.23 11:48:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.05.27 21:54:28 | 000,000,000 | ---D | M] [2010.04.23 16:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2010.03.20 13:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.02.25 13:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\katibnpb.default\extensions [2010.04.23 16:33:59 | 000,000,000 | ---D | M] (Faark's Grepolis Bericht 2 Image - Exporter) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\katibnpb.default\extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09} [2011.01.02 14:57:29 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- 
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\katibnpb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.17 19:22:08 | 000,000,000 | ---D | M] (Pearl Crescent Page Saver Basic) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\katibnpb.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} [2010.04.23 16:30:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\katibnpb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.01.26 19:27:21 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\katibnpb.default\extensions\firefox@tvunetworks.com [2010.09.14 20:01:48 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\katibnpb.default\extensions\vshare@toolbar [2010.05.01 23:46:42 | 000,002,252 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\katibnpb.default\searchplugins\askcom.xml [2011.02.25 13:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.05.27 21:55:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.03.08 16:23:09 | 000,000,924 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 72.8.143.154 www.boerse.bz boerse.bz O1 - Hosts: 
127.0.0.1 hh-software.com O1 - Hosts: 127.0.0.1 www.hh-software.com O2 - BHO: (Mediaplayer) - {1536BA74-8625-4240-99B0-BE65883689C8} - C:\Program Files\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll () O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ceda127-2a74-11df-bda9-001fe2da55c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1ceda127-2a74-11df-bda9-001fe2da55c8}\Shell\AutoRun\command - "" = E:\StartUp.exe
O33 - MountPoints2\{3d42c281-f89e-11de-ab85-001fe2da55c8}\Shell - "" = AutoRun
O33 - MountPoints2\{3d42c281-f89e-11de-ab85-001fe2da55c8}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{639d70aa-d13e-11df-9c23-001fe2da55c8}\Shell - "" = AutoRun
O33 - MountPoints2\{639d70aa-d13e-11df-9c23-001fe2da55c8}\Shell\AutoRun\command - "" = H:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.03.01 22:27:34 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011.03.01 20:06:12 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2011.03.01 20:06:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.01 20:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.01 20:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.01 20:06:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.01 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.03.01 00:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\nLkAhOp06504
[2011.03.01 00:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\pHpKjEn06504
[2011.03.01 00:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\hDeCdGi06504
[2011.02.24 10:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
[2011.02.14 00:58:53 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\2DBoy
[2011.02.14 00:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2011.02.14 00:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Goo
[2011.02.03 22:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodline Champions
[2011.02.03 22:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011.02.03 10:11:39 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Spartan
[2011.02.03 09:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.02.02 14:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.03.01 22:27:34 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011.03.01 22:25:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.01 22:25:12 | 2817,048,576 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.01 21:24:25 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.01 21:24:25 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.01 21:24:25 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.01 21:24:25 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.01 20:06:07 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.01 19:51:08 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.02.28 20:15:31 | 000,013,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.28 20:15:31 | 000,013,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.24 11:44:57 | 000,271,035 | ---- | M] () -- C:\Users\XXX\Documents\Backup 24.02.2011.mpb
[2011.02.24 11:31:28 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2011.02.15 01:17:23 | 000,007,646 | ---- | M] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2011.02.14 00:58:48 | 000,001,605 | ---- | M] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2011.02.13 21:41:21 | 000,001,494 | ---- | M] () -- C:\Users\XXX\.recently-used.xbel
[2011.02.07 17:19:57 | 000,207,880 | ---- | M] () -- C:\Users\XXX\Documents\Backup XXXs Milestone 07.02.2011.mpb
[2011.02.03 11:31:58 | 000,001,775 | ---- | M] () -- C:\Users\XXX\Desktop\GFWLClient.lnk
[2011.02.02 20:22:35 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.02.02 20:18:37 | 000,000,873 | ---- | M] () -- C:\Users\XXX\Desktop\Anki.lnk
[2011.02.02 14:44:36 | 000,001,550 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.03.01 20:06:07 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.24 11:44:42 | 000,271,035 | ---- | C] () -- C:\Users\XXX\Documents\Backup 24.02.2011.mpb
[2011.02.14 00:58:48 | 000,001,605 | ---- | C] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2011.02.13 21:41:21 | 000,001,494 | ---- | C] () -- C:\Users\XXX\.recently-used.xbel
[2011.02.07 17:42:36 | 000,002,597 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk
[2011.02.07 17:16:56 | 000,207,880 | ---- | C] () -- C:\Users\XXX\Documents\Backup XXXs Milestone 07.02.2011.mpb
[2011.02.03 11:31:58 | 000,001,775 | ---- | C] () -- C:\Users\XXX\Desktop\GFWLClient.lnk
[2011.02.03 09:04:57 | 000,001,298 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.02.02 20:22:35 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.02.02 20:22:35 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.02.02 14:44:36 | 000,001,550 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.09.26 10:26:05 | 000,007,646 | ---- | C] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2010.09.18 09:41:49 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2010.06.07 16:47:34 | 000,408,168 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2010.06.07 16:47:34 | 000,258,142 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2010.05.27 21:54:52 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.05.27 21:54:52 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.04.21 15:36:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.04.21 15:36:46 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.04.11 00:16:31 | 000,006,144 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.20 13:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.16 21:01:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.03.14 12:19:53 | 000,000,275 | ---- | C] () -- C:\Windows\game.ini
[2010.03.06 20:03:59 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.03.01 00:15:41 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.01.13 23:20:20 | 000,006,457 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.12.25 02:22:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.23 22:50:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.23 08:01:16 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.23 07:53:03 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.12.22 19:06:49 | 000,000,076 | ---- | C] () -- C:\Windows\System32\dtirc.dll
[2009.12.22 18:04:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.07.14 09:47:43 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,412,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,606,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,103,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 00:16:43 | 000,020,519 | ---- | C] () -- C:\Windows\System32\w3thm.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2011.02.08 15:52:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\.anki
[2010.12.09 23:41:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\.matplotlib
[2010.01.02 20:39:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ashampoo
[2010.08.21 13:52:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\avidemux
[2009.12.30 12:26:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite
[2011.01.07 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox
[2011.01.02 14:57:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.13 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\gtk-2.0
[2010.10.07 10:59:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\IObit
[2009.12.22 19:06:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\J River
[2010.07.13 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\LolClient
[2010.10.06 18:39:47 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\motorola
[2009.12.25 22:30:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mp3tag
[2011.02.24 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MyPhoneExplorer
[2010.04.01 16:05:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera
[2010.06.25 18:21:47 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Partisan
[2010.06.25 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ProtectDISC
[2010.11.01 13:23:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\rockbox.org
[2010.01.01 17:10:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\RouterControl
[2010.02.19 13:21:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\runic games
[2010.11.02 23:11:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\SanDisk
[2010.12.24 16:12:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Softpark
[2009.12.31 02:55:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sports Interactive
[2010.03.20 13:17:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thunderbird
[2010.03.06 20:13:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\tmp
[2010.08.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Trillian
[2010.05.14 10:36:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ubisoft
[2010.03.08 16:17:51 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Virtual CD v10
[2010.01.03 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Vodafone
[2011.01.16 01:31:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2011.01.22 17:37:09 | 000,020,563 | ---- | M] ()(C:\Users\XXX\Desktop\Dialog Gespr?che.odt) -- C:\Users\XXX\Desktop\Dialog Gespräche.odt
[2011.01.22 17:37:09 | 000,020,563 | ---- | C] ()(C:\Users\XXX\Desktop\Dialog Gespr?che.odt) -- C:\Users\XXX\Desktop\Dialog Gespräche.odt

< End of report >

mbam-log

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5920

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

01.03.2011 22:24:02
mbam-log-2011-03-01 (22-24-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 383126
Laufzeit: 1 Stunde(n), 1 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nLkAhOp06504 (Trojan.FakeAlert) -> Value: nLkAhOp06504 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\nlkahop06504\nlkahop06504.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.