Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal): Trojan found: TR/Spy.SpyEyes.hal (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
/// TB-Ausbilder
Trojan found: TR/Spy.SpyEyes.hal

Hello JasonVorhees,

Step # 1: Registry Cleaner
I see that you have so-called registry cleaners on the system, in your case CCleaner. We do not recommend any kind of registry cleaner under any circumstances. The reason is simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. Often enough we read from people seeking help that their system no longer boots after they used a registry cleaner.
If you destroy the registry, you destroy Windows. I therefore recommend that you uninstall the software named above and do without this kind of software in future.

Step # 2: Fix with OTL
Code:
:OTL
:files
C:\SystemData
C:\Programme\AskBarDis
:Commands
[emptytemp]

Delete the existing ComboFix.exe from your desktop and then proceed as follows:

Step # 3: Run ComboFix
ComboFix may only be run when a Kompetenzler (forum helper) has expressly recommended it!
Download ComboFix from one of these download mirrors: BleepingComputer - ForoSpyware
* Important!! Save ComboFix to the desktop.
Once the Recovery Console has been installed by ComboFix, you should see the following message:
Click "Yes" to continue with the malware scan. When ComboFix is finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.

Step # 4: Your feedback
For further analysis I need, together with your next reply
#2
Trojan found: TR/Spy.SpyEyes.hal

Thanks for the quick replies, that was fast. Actually, CCleaner was recommended to me here in the forum, see the link, post 6: http://www.trojaner-board.de/94171-c...7-problem.html

Here are the logs:

All processes killed
========== OTL ==========
========== FILES ==========
C:\SystemData folder moved successfully.
File\Folder C:\Programme\AskBarDis not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Alex
->Temp folder emptied: 734434 bytes
->Temporary Internet Files folder emptied: 184978 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6630833 bytes
->Flash cache emptied: 456 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Standard
->Temp folder emptied: 589486 bytes
->Temporary Internet Files folder emptied: 5070376 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29457777 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9633 bytes
RecycleBin emptied: 203 bytes
Total Files Cleaned = 41,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05072011_192453
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

ComboFix logfile:
#3
/// TB-Ausbilder
Trojan found: TR/Spy.SpyEyes.hal

Hello JasonVorhees,

Step # 1: Answers to your questions
Deleting temporary files with CCleaner is fine. How is your computer running at the moment? Are there any problems?

Step # 2: Disable/uninstall Java in Firefox

Step # 3: Uninstall/reinstall Java

Step # 4: Important updates

Step # 5: ESET Online Scanner
Please switch on any external hard drives during the online scan! During the scans, please disable all background guards (anti-virus program, firewall, script blocking and the like), and do not forget to switch everything back on afterwards.

Step # 6: Custom scan with OTL
If you do not have it yet, please download OTL from Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Step # 7: Run a security check
Please download SecurityCheck.

Step # 8: Your feedback
For further analysis I need, together with your next reply
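As an added example (not part of this thread, and not code from OTL or from the helper), the two checks that the custom scan in step 6 asks OTL for can be reproduced with built-in PowerShell: hashes and Authenticode signatures of the five core Windows binaries, and the Windows Update state from the two registry keys listed. It assumes PowerShell 2.0 or later, looks for the binaries only in %SystemRoot% and %SystemRoot%\System32, and should be run from an elevated prompt.

```powershell
# Added example, not from this thread, from OTL or from the helper: performs the
# parts of the custom scan above that matter most for triage (hashes of the core
# Windows binaries and the Windows Update state) with built-in PowerShell.
# Assumptions: PowerShell 2.0 or later; the binaries are looked for only in
# %SystemRoot% and %SystemRoot%\System32.

function Get-Md5Hex {
    param([string]$Path)
    # MD5 through .NET so this also runs on PowerShell 2.0, which has no Get-FileHash.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $hash = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($hash)).Replace('-', '')
}

# The five binaries the /md5start ... /md5stop block asks OTL to hash. A copy
# that is unsigned, signed by someone other than Microsoft, or of an unexpected
# size is what a helper compares against a known-good installation.
$SystemBinaries = 'explorer.exe', 'regedit.exe', 'winlogon.exe', 'wininit.exe', 'userinit.exe'

function Get-SystemBinaryReport {
    $report = @()
    $dirs = @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32'))
    foreach ($name in $SystemBinaries) {
        foreach ($dir in $dirs) {
            $path = Join-Path $dir $name
            if (-not (Test-Path $path)) { continue }
            $sig = Get-AuthenticodeSignature -FilePath $path
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            $report += New-Object PSObject -Property @{
                Path      = $path
                SizeBytes = (Get-Item $path).Length
                MD5       = Get-Md5Hex -Path $path
                Signature = $sig.Status
                Signer    = $signer
            }
        }
    }
    return $report
}

# The two registry locations the custom scan reads: the Windows Update AU
# policy (NoAutoUpdate=1 there switches automatic updates off) and the time
# of the last successful update install, which shows how long the host has
# gone without patches.
function Get-WindowsUpdateState {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $resultKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'
    $state = @{ NoAutoUpdate = 'not set'; LastSuccessTime = 'unknown' }
    if (Test-Path $policyKey) {
        $policy = Get-ItemProperty -Path $policyKey
        if ($policy.PSObject.Properties['NoAutoUpdate']) { $state.NoAutoUpdate = $policy.NoAutoUpdate }
    }
    if (Test-Path $resultKey) {
        $result = Get-ItemProperty -Path $resultKey
        if ($result.PSObject.Properties['LastSuccessTime']) { $state.LastSuccessTime = $result.LastSuccessTime }
    }
    return $state
}

Get-SystemBinaryReport | Format-Table Path, SizeBytes, MD5, Signature, Signer -AutoSize
$wu = Get-WindowsUpdateState
"WindowsUpdate AU policy NoAutoUpdate: $($wu.NoAutoUpdate)"
"Last successful update install:       $($wu.LastSuccessTime)"
```

A binary whose Signature is anything other than Valid, or whose Signer is not Microsoft, is the case the helper's md5 list is meant to surface; compare the MD5 against a clean machine with the same Windows build and service pack.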
#4
Trojan found: TR/Spy.SpyEyes.hal

Here are the logs:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=6800d41a305981448bb6bde252e20f63
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-08 07:09:07
# local_time=2011-05-08 08:09:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 116975 79758331 70229 0
# compatibility_mode=5892 16776573 100 100 165373 142398095 0 0
# compatibility_mode=8192 67108863 100 0 145 145 0 0
# scanned=170764
# found=2
# cleaned=0
# scan_time=12780
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\eBay.url	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I

OTL logfile:
O4 - HKCU..\Run: [ProductReg] C:\Programme\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) 
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - 
Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.08 16:33:42 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.05.08 16:17:10 | 000,000,000 | ---D | C] -- C:\Programme\Feedback Tool [2011.05.08 16:15:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2011.05.08 16:15:08 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.05.07 19:59:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.05.07 19:59:48 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.05.07 
19:39:18 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.05.07 19:38:19 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Acer [2011.05.07 19:38:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.05.07 19:24:53 | 000,000,000 | ---D | C] -- C:\_OTL [2011.05.07 10:49:44 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.05.07 10:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.05.07 10:30:06 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Standard\Desktop\Erunt-setup.exe [2011.05.07 10:30:06 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe [2011.05.07 10:30:06 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Standard\Desktop\TFC.exe [2011.05.02 18:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter [2011.05.02 18:54:14 | 000,307,200 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe [2011.05.02 18:54:10 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\FreeFLVConverter [2011.05.02 18:32:07 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll [2011.05.02 18:32:07 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll [2011.05.02 18:32:05 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2011.05.02 18:32:05 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll [2011.05.02 18:32:03 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5 [2011.04.30 16:58:36 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2011.04.30 16:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft [2011.04.30 16:58:35 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) 
-- C:\Windows\System32\nbDX.dll [2011.04.30 16:58:35 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax [2011.04.30 16:58:35 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll [2011.04.30 16:58:35 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax [2011.04.30 16:58:35 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax [2011.04.30 16:58:35 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax [2011.04.30 16:58:35 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax [2011.04.30 16:58:35 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll [2011.04.30 16:58:34 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax [2011.04.30 16:58:34 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax [2011.04.30 16:58:34 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax [2011.04.30 16:58:34 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax [2011.04.30 16:57:53 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft [2011.04.25 10:26:55 | 000,168,448 | ---- | C] (MHJ-Software) -- C:\Windows\System32\DLL_MHJSimaticDriver.dll [2011.04.25 10:25:48 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MHJ-Software [2011.04.25 10:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MHJ-Software [2011.04.25 10:23:19 | 000,000,000 | ---D | C] -- C:\Programme\MHJ-Software [2011.04.12 15:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LECTURNITY Player [2011.04.12 15:04:07 | 000,000,000 | ---D | C] -- C:\Programme\LECTURNITY Player [2009.06.15 15:38:56 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.05.08 20:35:01 | 000,124,340 | ---- | M] () -- C:\ProgramData\nvModes.001 
[2011.05.08 20:34:24 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.08 20:23:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.08 20:23:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.08 19:56:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.08 16:29:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.08 16:29:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.08 16:29:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.08 16:29:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.08 16:23:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.08 16:22:35 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys [2011.05.08 16:19:03 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.05.08 16:19:03 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.05.08 16:18:48 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.05.08 16:02:58 | 000,124,340 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.05.07 19:55:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.05.07 19:33:26 | 004,343,158 | R--- | M] () -- C:\Users\Standard\Desktop\ComboFix.exe [2011.05.07 10:49:45 | 000,000,737 | ---- | M] () -- C:\Users\Standard\Desktop\NTREGOPT.lnk [2011.05.07 10:49:45 | 000,000,718 | ---- | M] () -- C:\Users\Standard\Desktop\ERUNT.lnk [2011.05.07 10:30:11 | 000,302,080 | ---- | M] () -- C:\Users\Standard\Desktop\g2m3e4r.exe [2011.05.07 10:30:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe [2011.05.07 10:30:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Standard\Desktop\Erunt-setup.exe 
[2011.05.07 10:30:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\TFC.exe [2011.04.30 16:58:36 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2011.04.25 10:26:55 | 000,000,903 | ---- | M] () -- C:\Users\Standard\Desktop\SPS-VISU V4.7x.lnk [2011.04.25 10:25:48 | 000,000,886 | ---- | M] () -- C:\Users\Standard\Desktop\WinSPS-S7 V4.lnk [2011.04.16 14:43:41 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll [2011.04.16 10:37:32 | 000,448,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.12 15:04:31 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\LECTURNITY Player.lnk ========== Files Created - No Company Name ========== [2011.05.08 16:18:48 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.05.07 19:33:26 | 004,343,158 | R--- | C] () -- C:\Users\Standard\Desktop\ComboFix.exe [2011.05.07 10:49:45 | 000,000,737 | ---- | C] () -- C:\Users\Standard\Desktop\NTREGOPT.lnk [2011.05.07 10:49:45 | 000,000,718 | ---- | C] () -- C:\Users\Standard\Desktop\ERUNT.lnk [2011.05.07 10:30:06 | 000,302,080 | ---- | C] () -- C:\Users\Standard\Desktop\g2m3e4r.exe [2011.05.02 18:54:11 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx [2011.05.02 18:54:11 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb [2011.05.02 18:54:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx [2011.04.30 16:58:36 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2011.04.30 16:58:35 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax [2011.04.30 16:58:35 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax [2011.04.30 16:58:35 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax [2011.04.30 16:58:34 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax [2011.04.30 16:58:34 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax [2011.04.30 16:58:34 | 000,120,832 | RHS- | C] () -- 
C:\Windows\System32\MPCDx.ax [2011.04.30 16:58:34 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax [2011.04.30 16:58:34 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax [2011.04.25 10:26:55 | 000,578,560 | ---- | C] () -- C:\Windows\System32\DLL_MHJProperties.dll [2011.04.25 10:26:55 | 000,000,903 | ---- | C] () -- C:\Users\Standard\Desktop\SPS-VISU V4.7x.lnk [2011.04.25 10:26:48 | 000,147,488 | ---- | C] () -- C:\Windows\System32\S5AG32.dll [2011.04.25 10:25:48 | 000,782,336 | ---- | C] () -- C:\Windows\System32\WS7_S7AG.dll [2011.04.25 10:25:48 | 000,000,886 | ---- | C] () -- C:\Users\Standard\Desktop\WinSPS-S7 V4.lnk [2011.04.12 15:04:31 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\LECTURNITY Player.lnk [2011.01.09 13:09:47 | 000,000,680 | ---- | C] () -- C:\Users\Standard\AppData\Local\d3d9caps.dat [2010.12.29 23:59:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.12.29 23:59:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.12.29 23:59:35 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2010.12.29 23:59:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.12.29 23:59:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.02.18 16:54:41 | 000,146,249 | ---- | C] () -- C:\Windows\hpoins18.dat [2009.08.18 23:23:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.18 23:23:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.06.15 07:20:40 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.06.15 06:59:45 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.06.15 06:59:45 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2009.06.15 06:59:44 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2009.06.15 06:56:58 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.06.15 06:56:58 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2009.06.15 06:56:58 | 
000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.06.15 06:56:58 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.06.15 06:56:58 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.06.15 06:56:58 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.06.15 06:52:53 | 000,124,340 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.06.15 06:52:24 | 000,124,340 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.12 11:47:51 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.03.12 11:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.03.12 11:47:51 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.03.12 11:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.03.12 11:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 03:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.02.13 01:50:52 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll [2009.02.13 01:50:52 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll [2009.02.13 01:50:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2009.02.13 01:50:52 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2009.02.13 01:50:04 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2009.02.11 21:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 21:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 21:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2007.03.01 00:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,448,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () 
-- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.05.07 19:38:19 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Acer [2011.03.13 18:03:56 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Foxit [2011.05.02 18:54:10 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FreeFLVConverter [2011.03.14 21:31:27 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\GrabPro [2011.03.15 19:43:00 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Orbit [2011.01.09 13:09:49 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\PowerCinema [2011.03.15 16:17:32 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ProgSense [2011.01.09 13:29:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Unigraphics Solutions [2011.05.08 16:21:44 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.05.08 08:21:16 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.08.04 19:36:21 | 000,000,000 | ---D | M] -- C:\Acer [2009.06.15 15:39:01 | 000,000,000 | ---D | M] -- C:\Book [2009.08.19 16:37:37 | 000,000,000 | ---D | M] -- C:\Boot [2009.06.15 06:56:46 | 000,000,000 | ---D | M] -- C:\CLSetup [2011.05.07 19:59:50 | 000,000,000 | ---D | M] -- C:\ComboFix [2011.05.08 16:17:13 | 000,000,000 | ---D | M] -- C:\Config.Msi [2009.08.04 18:25:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.15 19:08:57 | 000,000,000 | ---D | M] -- C:\downloads [2009.08.04 18:28:49 | 000,000,000 | ---D | M] -- C:\Elements [2009.02.11 21:12:45 | 000,000,000 | ---D | M] -- C:\Intel [2009.03.12 04:11:16 | 000,000,000 | R--D | M] -- C:\MSOCache [2009.08.04 18:31:10 | 000,000,000 | ---D | M] -- C:\MyWinLockerData [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.05.08 16:33:42 | 000,000,000 | R--D | M] -- C:\Programme [2011.01.02 16:05:17 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.08.04 18:25:34 | 000,000,000 | -HSD | M] -- C:\Programme [2011.05.07 19:59:49 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.05.08 20:38:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.01.09 13:09:14 | 000,000,000 | R--D | M] -- C:\Users [2011.05.08 16:20:25 | 000,000,000 | ---D | M] -- C:\Windows [2011.05.07 19:24:53 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*. 
> [2009.08.04 18:26:49 | 000,000,000 | ---D | M] -- C:\Programme\Acer [2009.06.15 07:20:03 | 000,000,000 | ---D | M] -- C:\Programme\Acer Arcade Deluxe [2009.06.15 07:00:33 | 000,000,000 | ---D | M] -- C:\Programme\Acer Bio Protection [2010.01.17 14:15:59 | 000,000,000 | ---D | M] -- C:\Programme\Acer GameZone [2009.06.15 07:20:31 | 000,000,000 | ---D | M] -- C:\Programme\Acer Inc [2011.03.13 13:52:50 | 000,000,000 | ---D | M] -- C:\Programme\Adobe [2009.06.15 06:53:31 | 000,000,000 | ---D | M] -- C:\Programme\AmIcoSingLun [2009.09.21 15:15:12 | 000,000,000 | ---D | M] -- C:\Programme\Avira [2011.05.02 18:32:03 | 000,000,000 | ---D | M] -- C:\Programme\AviSynth 2.5 [2009.02.11 21:16:56 | 000,000,000 | ---D | M] -- C:\Programme\Broadcom [2011.05.08 16:15:50 | 000,000,000 | ---D | M] -- C:\Programme\Common Files [2009.06.15 06:53:02 | 000,000,000 | ---D | M] -- C:\Programme\Convesoft [2009.03.12 04:28:29 | 000,000,000 | ---D | M] -- C:\Programme\Cyberlink [2010.09.11 10:18:40 | 000,000,000 | ---D | M] -- C:\Programme\Digital Photo Navigator 1.5 [2010.01.26 13:03:54 | 000,000,000 | ---D | M] -- C:\Programme\DivX [2009.06.15 07:17:55 | 000,000,000 | ---D | M] -- C:\Programme\EgisTec [2009.06.15 07:18:00 | 000,000,000 | ---D | M] -- C:\Programme\EgisTec Egis Software Update [2011.04.30 16:58:17 | 000,000,000 | ---D | M] -- C:\Programme\eRightSoft [2011.05.07 10:50:01 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT [2011.05.08 16:33:42 | 000,000,000 | ---D | M] -- C:\Programme\ESET [2009.08.04 20:07:09 | 000,000,000 | ---D | M] -- C:\Programme\eSobi [2011.05.08 16:17:11 | 000,000,000 | ---D | M] -- C:\Programme\Feedback Tool [2011.03.13 18:03:56 | 000,000,000 | ---D | M] -- C:\Programme\Foxit Software [2009.08.04 18:25:34 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien [2010.03.28 12:31:03 | 000,000,000 | ---D | M] -- C:\Programme\Google [2010.02.18 17:05:15 | 000,000,000 | ---D | M] -- C:\Programme\Hewlett-Packard [2010.02.18 17:06:43 | 000,000,000 | ---D | 
Security Check

Code:
Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader X (10.0.1) - Deutsch
Mozilla Firefox (3.6.13) Firefox Out of Date!
````````````````````````````````
Process Check: objlist.exe by Laurent
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
#5 /// TB-Ausbilder

Trojan found: TR/Spy.SpyEyes.hal

Hello JasonVorhees,
If you have no further problems, then we are done here. Your computer is clean.

Finally, we need to take a few closing steps to tidy up and secure your PC.

Step # 1: Uninstall ComboFix

Before the following action, temporarily disable your antivirus program, any script blocking you may have, and your anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK.

Code:
Combofix /Uninstall

This removes ComboFix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled.

Step # 2: System cleanup with OTL

Next, we need to remove all the programs that were needed for the malware removal:
Step # 3: Uninstall/delete programs

Step # 4: ESET Online Scanner

Step # 5: Enable TeaTimer

Step # 6: Delete System Restore points. It cannot be ruled out that the malware has also infected restore points. You fix this problem as follows:

Step # 7: Enable Windows Update. Let's check whether the updates for Windows download automatically. That is the best way to get all the security patches and fixes.

Step # 8: Protection against further infections. So that you are protected from similar infections in the future, I recommend a few useful programs along with a few tips.

Step # 9: Change passwords

Step # 10: Your feedback. Please let me know briefly when everything is done and you have no more questions, so that I can remove the topic from my subscriptions.
#6 /// TB-Ausbilder

Trojan found: TR/Spy.SpyEyes.hal

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread.