Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Mozilla öffnet einfach Spam Seiten und will plugins runterladen (https://www.trojaner-board.de/92097-mozilla-oeffnet-einfach-spam-seiten-will-plugins-runterladen.html)

Bob003 22.10.2010 07:28
Mozilla öffnet einfach Spam Seiten und will plugins runterladen
 
Hallo,
wenn ich Firefox öffne und bei Google oder wo anders was suche und den link anklicke öffnen sich einfach andere Seiten die nicht gesucht und Mozilla will zuzätzlich nen plugin runterladen,mal geht die richtige seite auf mal nicht.Was kann ich dagegen tun?

Habe Gmer runtergeladen und es mal durchlaufen lassen hier mein Log.

Code:
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-22 08:24:31
Windows 5.1.2600 Service Pack 3
Running: 2mvotsh8.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kgeoykow.sys


---- User code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\Explorer.EXE[1464] kernel32.dll!CreateProcessInternalW                  7C81979C 5 Bytes  JMP 009E85CB
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] ntdll.dll!LdrLoadDll                7C9263A3 5 Bytes  JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] WS2_32.dll!closesocket              71A13E2B 5 Bytes  JMP 00156367
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] WS2_32.dll!send                    71A14C27 5 Bytes  JMP 00155F60
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] WS2_32.dll!WSARecv                  71A14CB5 5 Bytes  JMP 00156138
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] WS2_32.dll!recv                    71A1676F 5 Bytes  JMP 00155FD3
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] WS2_32.dll!WSASend                  71A168FA 5 Bytes  JMP 0015609E
.text  C:\Programme\Mozilla Firefox\plugin-container.exe[3228] USER32.dll!TrackPopupMenu  7E3B531E 5 Bytes  JMP 103FDDE0 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----

Bob003 22.10.2010 08:02
und hier Hijack

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:01:29, on 22.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Spybot - Search & Destroy\SpybotSD.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
D:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis204.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NMSAccess - Unknown owner - D:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Windows Media Connect-Dienst (WMConnectCDS) - Unknown owner - C:\Programme\Windows Media Connect 2\wmccds.exe (file missing)

--
End of file - 2819 bytes

Chris4You 22.10.2010 08:07
Hi,

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

Bob003 22.10.2010 09:57
Malware


Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4907

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

22.10.2010 10:56:46
mbam-log-2010-10-22 (10-56-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 144561
Laufzeit: 48 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Bob003 22.10.2010 09:59
Code:
OTL logfile created on: 22.10.2010 10:54:42 - Run 1
OTL by OldTimer - Version 3.2.16.0    Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 500 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 4,87 Gb Total Space | 0,43 Gb Free Space | 8,89% Space Free | Partition Type: FAT32
Drive D: | 32,37 Gb Total Space | 30,91 Gb Free Space | 95,49% Space Free | Partition Type: NTFS
 
Computer Name: CPMW-B7CD394AA2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Programme\WinRAR.exe ()
PRC - D:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (NMSAccess) -- D:\Programme\CDBurnerXP\NMSAccessU.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\System32\DRIVERS\snp2sxp.sys File not found
DRV - (Cdrom) -- C:\WINDOWS\System32\DRIVERS\cdrom.sys File not found
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (FA312) -- C:\WINDOWS\system32\drivers\FA312nd5.sys (NETGEAR Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.18 16:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.29 19:29:38 | 000,000,000 | ---D | M]
 
[2010.10.18 16:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.18 16:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\frpay4z7.default\extensions
[2010.10.18 16:04:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\frpay4z7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.18 16:02:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.12 16:00:18 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.07.17 00:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.29 19:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.22 10:05:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\tpa
[2010.10.22 09:45:30 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010.10.22 09:38:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.10.22 09:37:44 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010.10.22 09:37:44 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010.10.22 09:37:44 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010.10.22 09:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.10.22 07:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.10.22 07:14:18 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010.10.22 06:59:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\backups
[2010.10.22 06:56:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis204.exe
[2010.10.22 06:39:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.10.19 21:08:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.19 20:42:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.10.19 20:42:09 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.10.19 20:41:41 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.10.19 11:56:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.10.18 16:02:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2010.10.18 15:46:50 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.10.18 15:13:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVG10
[2010.10.18 15:12:35 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010.10.18 15:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.10.18 15:00:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.10.18 14:35:18 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.10.18 14:30:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze
[2010.10.18 14:16:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Server
[2010.10.15 14:57:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Config.Msi
[2010.10.15 14:57:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.10.15 02:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Meine empfangenen Dateien
[2010.10.15 00:01:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM
[2010.10.14 23:55:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
[2010.10.14 23:55:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2010.10.12 18:55:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Identities
[2010.10.12 16:05:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.10.12 16:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.10.12 16:00:28 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.12 15:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2010.10.01 19:46:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2010.10.01 19:16:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
[2010.10.01 18:44:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.09.29 07:57:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2010.09.22 19:49:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OfficeRecovery
[2010.09.22 16:00:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.22 10:10:58 | 000,025,439 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\tpa.zip
[2010.10.22 09:48:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.10.22 09:48:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.10.22 09:48:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010.10.22 09:40:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.10.22 09:40:02 | 000,000,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Update Service.lnk
[2010.10.22 09:37:40 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010.10.22 09:37:40 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010.10.22 09:37:40 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010.10.22 08:42:28 | 000,269,857 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\attachment.pdf
[2010.10.22 06:56:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis204.exe
[2010.10.22 06:39:54 | 000,001,440 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.22 06:37:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.22 06:37:36 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\ECCZN.job
[2010.10.22 06:37:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.19 20:30:20 | 000,007,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.18 16:02:28 | 000,001,470 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.10.18 14:56:00 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.18 14:38:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.18 14:35:22 | 000,068,096 | ---- | M] () -- C:\WINDOWS\System32\weg48.f3d
[2010.10.18 14:35:22 | 000,036,864 | ---- | M] () -- C:\WINDOWS\System32\fwe43g347347.w6
[2010.10.18 14:35:22 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\gs78.c3
[2010.10.18 14:35:18 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.10.18 14:26:14 | 000,000,690 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.10.14 21:52:06 | 000,045,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00035.JPG
[2010.10.14 14:37:22 | 000,060,193 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00032.JPG
[2010.10.12 16:00:18 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.01 19:46:00 | 000,000,408 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.10.01 19:28:36 | 000,000,166 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\trueburner.ini
[2010.10.01 18:43:46 | 000,416,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.01 18:43:46 | 000,401,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.01 18:43:46 | 000,075,392 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.01 18:43:46 | 000,062,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.01 18:31:10 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.29 19:57:08 | 000,000,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\achhenre.rtf
[56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.22 10:10:56 | 000,025,439 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\tpa.zip
[2010.10.22 10:07:22 | 048,413,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\W890_R1FA035_MAIN_GENERIC_AK_RED52.mbn
[2010.10.22 10:07:18 | 040,300,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\W890_R1FA035_FS_WESTERN-EUROPE_RED52.fbn
[2010.10.22 09:48:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.10.22 09:48:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.10.22 09:48:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010.10.22 09:40:01 | 000,000,720 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Update Service.lnk
[2010.10.22 08:42:26 | 000,269,857 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\attachment.pdf
[2010.10.22 06:39:52 | 000,001,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.18 16:02:26 | 000,001,470 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.10.18 14:55:58 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.18 14:38:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.18 14:35:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fwe43g347347.w6
[2010.10.18 14:35:21 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\gs78.c3
[2010.10.18 14:35:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\weg48.f3d
[2010.10.18 14:26:13 | 000,000,690 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.10.18 14:26:12 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.10.18 14:17:23 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\ECCZN.job
[2010.10.14 19:39:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010.10.14 17:09:13 | 000,045,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00035.JPG
[2010.10.14 17:05:25 | 000,060,193 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00032.JPG
[2010.10.01 19:45:59 | 000,000,408 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.10.01 19:43:22 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.01 19:22:25 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\trueburner.ini
[2010.09.29 19:57:06 | 000,000,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\achhenre.rtf
[2010.08.31 20:01:53 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.08.31 20:01:53 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2C69BD85DE.sys
[2010.08.30 16:49:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2010.08.29 18:52:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

< End of report >

Bob003 22.10.2010 10:00
Code:
OTL Extras logfile created on: 22.10.2010 10:54:42 - Run 1
OTL by OldTimer - Version 3.2.16.0    Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 500 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 4,87 Gb Total Space | 0,43 Gb Free Space | 8,89% Space Free | Partition Type: FAT32
Drive D: | 32,37 Gb Total Space | 30,91 Gb Free Space | 95,49% Space Free | Partition Type: NTFS
 
Computer Name: CPMW-B7CD394AA2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"1064:TCP" = 1064:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- File not found
"D:\Programme\Sony Ericsson\Update Service\Update Service.exe" = D:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Recuva" = Recuva
"Update Service" = Sony Ericsson Update Service
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VLC media player" = VLC media player 1.1.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.09.2010 14:21:01 | Computer Name = CPMW-B7CD394AA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Recuva.exe, Version 1.38.0.504, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 01.10.2010 12:15:11 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:12 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:12 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:13 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:15 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:16 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:17 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:18 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:22 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 1043
Description = Fehler beim Starten einer Windows Installer-Transaktion: . Beim Beenden
 der Transaktion ist Fehler 5 aufgetreten.
 
[ System Events ]
Error - 01.10.2010 13:16:51 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:16:57 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:04 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:20 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:26 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:18:14 | Computer Name = CPMW-B7CD394AA2 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 01.10.2010 13:18:18 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:18:25 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:30:44 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:30:47 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >

Bob003 22.10.2010 10:10
Code:
2010/10/22 11:09:19.0109        TDSS rootkit removing tool 2.4.4.0 Oct  4 2010 09:06:59
2010/10/22 11:09:19.0109        ================================================================================
2010/10/22 11:09:19.0109        SystemInfo:
2010/10/22 11:09:19.0109       
2010/10/22 11:09:19.0109        OS Version: 5.1.2600 ServicePack: 3.0
2010/10/22 11:09:19.0109        Product type: Workstation
2010/10/22 11:09:19.0109        ComputerName: CPMW-B7CD394AA2
2010/10/22 11:09:19.0109        UserName: Administrator
2010/10/22 11:09:19.0109        Windows directory: C:\WINDOWS
2010/10/22 11:09:19.0109        System windows directory: C:\WINDOWS
2010/10/22 11:09:19.0109        Processor architecture: Intel x86
2010/10/22 11:09:19.0109        Number of processors: 1
2010/10/22 11:09:19.0109        Page size: 0x1000
2010/10/22 11:09:19.0109        Boot type: Normal boot
2010/10/22 11:09:19.0109        ================================================================================
2010/10/22 11:09:19.0343        Initialize success
2010/10/22 11:09:22.0796        ================================================================================
2010/10/22 11:09:22.0796        Scan started
2010/10/22 11:09:22.0796        Mode: Manual;
2010/10/22 11:09:22.0796        ================================================================================
2010/10/22 11:09:24.0906        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/22 11:09:25.0000        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/10/22 11:09:25.0265        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/22 11:09:25.0390        AFD            (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2010/10/22 11:09:26.0187        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/22 11:09:26.0812        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/22 11:09:26.0921        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/22 11:09:27.0218        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/22 11:09:27.0375        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/22 11:09:27.0546        AVGIDSEH        (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/10/22 11:09:27.0609        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/22 11:09:27.0687        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/22 11:09:27.0781        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/22 11:09:28.0031        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/22 11:09:28.0093        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/22 11:09:28.0546        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/22 11:09:28.0843        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/22 11:09:29.0453        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/22 11:09:29.0609        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/22 11:09:29.0812        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/22 11:09:29.0875        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/22 11:09:30.0031        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/22 11:09:30.0359        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/22 11:09:30.0531        FA312          (aa855fb8a866281aacb393c1feab91ae) C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
2010/10/22 11:09:30.0656        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/22 11:09:30.0734        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/22 11:09:30.0859        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/22 11:09:31.0031        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/22 11:09:31.0187        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/22 11:09:31.0296        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/22 11:09:31.0343        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/22 11:09:31.0421        ggflt          (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
2010/10/22 11:09:31.0515        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
2010/10/22 11:09:31.0640        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/22 11:09:31.0953        HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/22 11:09:32.0453        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/22 11:09:32.0593        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/22 11:09:32.0875        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/22 11:09:32.0953        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/22 11:09:33.0109        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/22 11:09:33.0203        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/22 11:09:33.0296        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/22 11:09:33.0390        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/22 11:09:33.0546        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/22 11:09:33.0656        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/22 11:09:33.0781        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/22 11:09:33.0921        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/22 11:09:34.0078        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/22 11:09:34.0218        KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/22 11:09:34.0671        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/22 11:09:34.0812        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/22 11:09:34.0921        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/22 11:09:34.0984        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/22 11:09:35.0375        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/22 11:09:35.0531        MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/22 11:09:35.0750        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/22 11:09:35.0875        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/22 11:09:36.0000        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/22 11:09:36.0093        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/22 11:09:36.0265        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/22 11:09:36.0359        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/22 11:09:36.0500        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/22 11:09:36.0687        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/22 11:09:36.0765        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/22 11:09:36.0921        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/22 11:09:37.0109        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/22 11:09:37.0203        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/22 11:09:37.0250        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/22 11:09:37.0328        NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/22 11:09:37.0421        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/22 11:09:37.0640        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/22 11:09:37.0796        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/22 11:09:37.0937        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/22 11:09:38.0062        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/22 11:09:38.0281        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/22 11:09:38.0328        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/22 11:09:38.0375        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/22 11:09:38.0453        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/22 11:09:38.0500        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/22 11:09:38.0640        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/22 11:09:38.0718        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/22 11:09:38.0796        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/22 11:09:39.0031        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/10/22 11:09:39.0171        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/22 11:09:40.0031        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/22 11:09:40.0093        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/22 11:09:40.0125        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/22 11:09:40.0843        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/22 11:09:40.0937        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/22 11:09:41.0046        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/22 11:09:41.0078        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/22 11:09:41.0250        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/22 11:09:41.0343        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/22 11:09:41.0500        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/22 11:09:41.0671        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/22 11:09:41.0859        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/22 11:09:42.0015        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/22 11:09:42.0156        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/22 11:09:42.0296        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/22 11:09:42.0656        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/22 11:09:43.0281        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/22 11:09:43.0406        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/22 11:09:43.0562        Srv            (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/22 11:09:43.0734        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2010/10/22 11:09:43.0890        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/22 11:09:44.0140        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/22 11:09:44.0312        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/22 11:09:45.0203        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/22 11:09:45.0453        Tcpip          (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/22 11:09:45.0656        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/22 11:09:45.0812        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/22 11:09:45.0968        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/22 11:09:46.0453        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/22 11:09:46.0921        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/22 11:09:47.0140        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/22 11:09:47.0328        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/22 11:09:47.0468        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/22 11:09:47.0656        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/22 11:09:47.0781        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/22 11:09:47.0906        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/22 11:09:48.0453        VIAudio        (01c7ba100f06e3a221b4068682fd2a2f) C:\WINDOWS\system32\drivers\viaudios.sys
2010/10/22 11:09:48.0609        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/22 11:09:48.0781        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/22 11:09:48.0953        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/10/22 11:09:49.0390        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/22 11:09:49.0765        WpdUsb          (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/10/22 11:09:49.0953        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/22 11:09:50.0234        ================================================================================
2010/10/22 11:09:50.0234        Scan finished
2010/10/22 11:09:50.0234        ================================================================================

Chris4You 22.10.2010 11:20
Hi,

da ist was oberfaul!

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
C:\WINDOWS\System32\weg48.f3d
C:\WINDOWS\System32\fwe43g347347.w6
C:\WINDOWS\System32\gs78.c3
C:\WINDOWS\tasks\ECCZN.job
C:\WINDOWS\System32\dllcache\user32.dll
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!


Der Virenscanner (Meldungen) sind komplett abgeknippst:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet!

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.

chris

Bob003 22.10.2010 18:51
File: weg48.f3d

Code:
File name:
weg48.f3d
Submission date:
2010-10-22 17:38:13 (UTC)
Current status:
queued (#7) queued (#7) analysing finished
Result:
3/ 42 (7.1%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.22.01        2010.10.22        -
AntiVir        7.10.13.27        2010.10.22        -
Antiy-AVL        2.0.3.7        2010.10.22        -
Authentium        5.2.0.5        2010.10.22        -
Avast        4.8.1351.0        2010.10.22        -
Avast5        5.0.594.0        2010.10.22        -
AVG        9.0.0.851        2010.10.22        -
BitDefender        7.2        2010.10.22        -
CAT-QuickHeal        11.00        2010.10.22        -
ClamAV        0.96.2.0-git        2010.10.22        -
Comodo        6479        2010.10.22        -
DrWeb        5.0.2.03300        2010.10.22        Win32.HLLW.Okamai.origin
Emsisoft        5.0.0.50        2010.10.22        -
eSafe        7.0.17.0        2010.10.21        -
eTrust-Vet        36.1.7928        2010.10.22        -
F-Prot        4.6.2.117        2010.10.22        -
F-Secure        9.0.16160.0        2010.10.22        -
Fortinet        4.2.249.0        2010.10.22        -
GData        21        2010.10.22        -
Ikarus        T3.1.1.90.0        2010.10.22        -
Jiangmin        13.0.900        2010.10.22        -
K7AntiVirus        9.66.2813        2010.10.22        -
Kaspersky        7.0.0.125        2010.10.22        -
McAfee        5.400.0.1158        2010.10.22        W32/Mariofev!enc
McAfee-GW-Edition        2010.1C        2010.10.22        W32/Mariofev!enc
Microsoft        1.6301        2010.10.22        -
NOD32        5555        2010.10.22        -
Norman        6.06.10        2010.10.22        -
nProtect        2010-10-22.01        2010.10.22        -
Panda        10.0.2.7        2010.10.22        -
PCTools        7.0.3.5        2010.10.22        -
Prevx        3.0        2010.10.22        -
Rising        22.70.03.04        2010.10.22        -
Sophos        4.58.0        2010.10.22        -
Sunbelt        7118        2010.10.22        -
SUPERAntiSpyware        4.40.0.1006        2010.10.22        -
TheHacker        6.7.0.1.064        2010.10.21        -
TrendMicro        9.120.0.1004        2010.10.22        -
TrendMicro-HouseCall        9.120.0.1004        2010.10.22        -
VBA32        3.12.14.1        2010.10.22        -
ViRobot        2010.9.25.4060        2010.10.22        -
VirusBuster        12.69.13.0        2010.10.22        -
Additional information
Show all
MD5  : a04a8553f9200ed8290f6f58c5c4b281
SHA1  : bcbe447eedbf8d6deded3d6b1c5d492dc83cb442
SHA256: bdcd5d36553919860f0bb43e9a72579a2f3c18e3c2fb7ca9a1da17d06db4a65b
ssdeep: 1536:SU6NsxvvE2/5IgZSwYD/TfxcY74b9K3V9dwcrsXrJ:qNsxXE2BI3fxva9SVHw0sXl
File size : 68096 bytes
First seen: 2010-10-22 17:38:13
Last seen : 2010-10-22 17:38:13
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Bob003 22.10.2010 18:52
File fwe43g347347.w6

Code:
File name:
fwe43g347347.w6
Submission date:
2010-10-22 17:48:14 (UTC)
Current status:
queued (#8) queued (#8) analysing finished
Result:
3/ 43 (7.0%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.22.01        2010.10.22        -
AntiVir        7.10.13.27        2010.10.22        -
Antiy-AVL        2.0.3.7        2010.10.22        -
Authentium        5.2.0.5        2010.10.22        -
Avast        4.8.1351.0        2010.10.22        -
Avast5        5.0.594.0        2010.10.22        -
AVG        9.0.0.851        2010.10.22        -
BitDefender        7.2        2010.10.22        -
CAT-QuickHeal        11.00        2010.10.22        -
ClamAV        0.96.2.0-git        2010.10.22        -
Comodo        6479        2010.10.22        -
DrWeb        5.0.2.03300        2010.10.22        Win32.HLLW.Okamai.12
Emsisoft        5.0.0.50        2010.10.22        -
eSafe        7.0.17.0        2010.10.21        -
eTrust-Vet        36.1.7928        2010.10.22        -
F-Prot        4.6.2.117        2010.10.22        -
F-Secure        9.0.16160.0        2010.10.22        -
Fortinet        4.2.249.0        2010.10.22        -
GData        21        2010.10.22        -
Ikarus        T3.1.1.90.0        2010.10.22        -
Jiangmin        13.0.900        2010.10.22        -
K7AntiVirus        9.66.2813        2010.10.22        -
Kaspersky        7.0.0.125        2010.10.22        -
McAfee        5.400.0.1158        2010.10.22        W32/Mariofev!enc
McAfee-GW-Edition        2010.1C        2010.10.22        W32/Mariofev!enc
Microsoft        1.6301        2010.10.22        -
NOD32        5555        2010.10.22        -
Norman        6.06.10        2010.10.22        -
nProtect        2010-10-22.01        2010.10.22        -
Panda        10.0.2.7        2010.10.22        -
PCTools        7.0.3.5        2010.10.22        -
Prevx        3.0        2010.10.22        -
Rising        22.70.03.04        2010.10.22        -
Sophos        4.58.0        2010.10.22        -
Sunbelt        7118        2010.10.22        -
SUPERAntiSpyware        4.40.0.1006        2010.10.22        -
Symantec        20101.2.0.161        2010.10.22        -
TheHacker        6.7.0.1.064        2010.10.21        -
TrendMicro        9.120.0.1004        2010.10.22        -
TrendMicro-HouseCall        9.120.0.1004        2010.10.22        -
VBA32        3.12.14.1        2010.10.22        -
ViRobot        2010.9.25.4060        2010.10.22        -
VirusBuster        12.69.13.0        2010.10.22        -
Additional information
Show all
MD5  : a1850c277e90ccc9c42388f441b7b6bf
SHA1  : 035b89c44a42d0dfbd5c10ad6cf1a781c4ecd670
SHA256: 62160ab1cbfbf90cf7b5bcbd6abc04c95ab67db93bfff856ebcab23c2a8c4425
ssdeep: 384:QdZlG895Aikt1uIKnKDLEHTaLyB4Z1Ru/CMBdz0WQ:QdfG89FIKnKPEHTaLOWLuKMBd0L
File size : 36864 bytes
First seen: 2010-10-22 17:48:14
Last seen : 2010-10-22 17:48:14
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Bob003 22.10.2010 18:56
File gs78.c3


Code:
File name:
gs78.c3
Submission date:
2010-10-22 17:53:54 (UTC)
Current status:
queued (#5) queued (#5) analysing finished
Result:
3/ 43 (7.0%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.22.01        2010.10.22        -
AntiVir        7.10.13.27        2010.10.22        -
Antiy-AVL        2.0.3.7        2010.10.22        -
Authentium        5.2.0.5        2010.10.22        -
Avast        4.8.1351.0        2010.10.22        -
Avast5        5.0.594.0        2010.10.22        -
AVG        9.0.0.851        2010.10.22        -
BitDefender        7.2        2010.10.22        -
CAT-QuickHeal        11.00        2010.10.22        -
ClamAV        0.96.2.0-git        2010.10.22        -
Comodo        6479        2010.10.22        -
DrWeb        5.0.2.03300        2010.10.22        Trojan.Rvz.10
Emsisoft        5.0.0.50        2010.10.22        -
eSafe        7.0.17.0        2010.10.21        -
eTrust-Vet        36.1.7928        2010.10.22        -
F-Prot        4.6.2.117        2010.10.22        -
F-Secure        9.0.16160.0        2010.10.22        -
Fortinet        4.2.249.0        2010.10.22        -
GData        21        2010.10.22        -
Ikarus        T3.1.1.90.0        2010.10.22        -
Jiangmin        13.0.900        2010.10.22        -
K7AntiVirus        9.66.2813        2010.10.22        -
Kaspersky        7.0.0.125        2010.10.22        -
McAfee        5.400.0.1158        2010.10.22        W32/Mariofev!enc
McAfee-GW-Edition        2010.1C        2010.10.22        W32/Mariofev!enc
Microsoft        1.6301        2010.10.22        -
NOD32        5555        2010.10.22        -
Norman        6.06.10        2010.10.22        -
nProtect        2010-10-22.01        2010.10.22        -
Panda        10.0.2.7        2010.10.22        -
PCTools        7.0.3.5        2010.10.22        -
Prevx        3.0        2010.10.22        -
Rising        22.70.03.04        2010.10.22        -
Sophos        4.58.0        2010.10.22        -
Sunbelt        7118        2010.10.22        -
SUPERAntiSpyware        4.40.0.1006        2010.10.22        -
Symantec        20101.2.0.161        2010.10.22        -
TheHacker        6.7.0.1.064        2010.10.21        -
TrendMicro        9.120.0.1004        2010.10.22        -
TrendMicro-HouseCall        9.120.0.1004        2010.10.22        -
VBA32        3.12.14.1        2010.10.22        -
ViRobot        2010.9.25.4060        2010.10.22        -
VirusBuster        12.69.13.0        2010.10.22        -
Additional information
Show all
MD5  : 982a389c6156435989e02df2348e938c
SHA1  : 87fd43b0032cb931058cbc328d2752bc3c03cf01
SHA256: 5ecabf51038bd18c326ba32a5714cafd57797093d5517d258ccb010b76d524d3
ssdeep: 384:4cmGBux7z4yOIFAGe5TP5PJI+SEiTNQtyEiAEqzeP7G/GI:WmuLid5JO1/AEX7G/GI
File size : 21504 bytes
First seen: 2010-10-22 17:53:54
Last seen : 2010-10-22 17:53:54
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Bob003 22.10.2010 19:00
File ECCN.job,nix gefunden.

Code:
File name:
ECCZN.job
Submission date:
2010-10-22 17:57:15 (UTC)
Current status:
queued (#2) queued (#2) analysing finished
Result:
0/ 43 (0.0%)

Bob003 22.10.2010 19:04
File user32.dll

Hier scheint jee menge faul zu sein :(

Code:
File name:
user32.dll
Submission date:
2010-10-22 18:00:47 (UTC)
Current status:
queued (#2) queued (#2) analysing finished
Result:
32/ 43 (74.4%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.22.01        2010.10.22        Win-Trojan/User32Hk
AntiVir        7.10.13.27        2010.10.22        TR/Patched.Gen2
Antiy-AVL        2.0.3.7        2010.10.22        Trojan/Win32.Patched.gen
Authentium        5.2.0.5        2010.10.22        W32/User32Hk.A!Generic
Avast        4.8.1351.0        2010.10.22        Win32:SysPatch
Avast5        5.0.594.0        2010.10.22        Win32:SysPatch
AVG        9.0.0.851        2010.10.22        -
BitDefender        7.2        2010.10.22        Win32.MarioForever.Patched
CAT-QuickHeal        11.00        2010.10.22        Trojan.Patched.AP
ClamAV        0.96.2.0-git        2010.10.22        -
Comodo        6479        2010.10.22        TrojWare.Win32.Patched.F
DrWeb        5.0.2.03300        2010.10.22        -
Emsisoft        5.0.0.50        2010.10.22        Trojan.Win32.Patched!IK
eSafe        7.0.17.0        2010.10.21        -
eTrust-Vet        36.1.7928        2010.10.22        Win32/Pruserinf
F-Prot        4.6.2.117        2010.10.22        W32/User32Hk.A!Generic
F-Secure        9.0.16160.0        2010.10.22        Win32.MarioForever.Patched
Fortinet        4.2.249.0        2010.10.22        W32/Patched.D!tr
GData        21        2010.10.22        Win32.MarioForever.Patched
Ikarus        T3.1.1.90.0        2010.10.22        Trojan.Win32.Patched
Jiangmin        13.0.900        2010.10.22        Win32/PatchFile.bk
K7AntiVirus        9.66.2813        2010.10.22        Trojan
Kaspersky        7.0.0.125        2010.10.22        Trojan.Win32.Patched.gq
McAfee        5.400.0.1158        2010.10.22        Patched User32
McAfee-GW-Edition        2010.1C        2010.10.22        Patched User32
Microsoft        1.6301        2010.10.22        Virus:Win32/Mariofev.A
NOD32        5555        2010.10.22        Win32/Pinit
Norman        6.06.10        2010.10.22        -
nProtect        2010-10-22.01        2010.10.22        Virus/W32.Patched.Q
Panda        10.0.2.7        2010.10.22        W32/Patched.H
PCTools        7.0.3.5        2010.10.22        Trojan.Patched!sd5
Prevx        3.0        2010.10.22        -
Rising        22.70.03.04        2010.10.22        -
Sophos        4.58.0        2010.10.22        Troj/User32Hk-A
Sunbelt        7118        2010.10.22        Trojan.Win32.Patched.dr (v)
SUPERAntiSpyware        4.40.0.1006        2010.10.22        -
Symantec        20101.2.0.161        2010.10.22        -
TheHacker        6.7.0.1.064        2010.10.21        -
TrendMicro        9.120.0.1004        2010.10.22        Possible_Patch-1
TrendMicro-HouseCall        9.120.0.1004        2010.10.22        Possible_Patch-1
VBA32        3.12.14.1        2010.10.22        Trojan.Win32.Patched.gq
ViRobot        2010.9.25.4060        2010.10.22        Win32.Patched.X
VirusBuster        12.69.13.0        2010.10.22        -
Additional information
Show all
MD5  : 2628fb678cc34f42b4e98244075f74c1
SHA1  : 981714086c649fd3e7cf64e3d7b30911b0e3ac0b
SHA256: 686f0fd8e1df7031338f041ad7e00dbc7914c715970d8d4e2567bb800a927814
ssdeep: 6144:QXtUG2qbvmfPYjo6QK86tQGdscawPX10BhTruuGVuKtNYmLlLyUTuyGEDSu3ZmDt:s2++f
sZ86q5caW0VhG86xxcEPZm2nG
File size : 580096 bytes
First seen: 2010-04-01 12:50:03
Last seen : 2010-10-22 18:00:47
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Alle Rechte vorbehalten.
product......: Betriebssystem Microsoft_ Windows_
description..: Client-DLL f_r Windows XP USER-API
original name: user32
internal name: user32
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xB217
timedatestamp....: 0x4802BFB7 (Mon Apr 14 02:21:43 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5F283, 0x5F400, 6.66, f747b131a21761b59fd7b2a066b48e2d
.data, 0x61000, 0x1180, 0xC00, 2.37, 775119e98796af9b8a849dd1f6e4f377
.rsrc, 0x63000, 0x2A7BC, 0x2A800, 5.00, ab0716ca00fe22c6cb46856e79f46656
.reloc, 0x8E000, 0x2DE4, 0x2E00, 6.77, 68ebe5a2d822be0663a3e935b39d0bae

[[ 3 import(s) ]]
GDI32.dll: GetClipRgn, ExtSelectClipRgn, GetHFONT, GetMapMode, SetGraphicsMode, GetClipBox, CreateRectRgn, CreateRectRgnIndirect, SetLayout, GetBoundsRect, ExcludeClipRect, PlayEnhMetaFile, GdiGetBitmapBitsSize, CreatePen, Ellipse, CreateEllipticRgn, GdiFixUpHandle, GetTextCharacterExtra, SetTextCharacterExtra, GetCurrentObject, GetViewportOrgEx, SetViewportOrgEx, PolyPatBlt, CreateBrushIndirect, SetBoundsRect, CopyEnhMetaFileW, CopyMetaFileW, GetPaletteEntries, CreatePalette, SetPaletteEntries, bInitSystemAndFontsDirectoriesW, bMakePathNameW, cGetTTFFromFOT, GetPixel, ExtTextOutA, GetTextCharsetInfo, QueryFontAssocStatus, GetCharWidthInfo, GetCharWidthA, GetTextFaceW, GetCharABCWidthsA, GetCharABCWidthsW, SetBrushOrgEx, CreateFontIndirectW, EnumFontsW, GetTextFaceAliasW, GetTextMetricsW, GetTextColor, GetBkMode, GetViewportExtEx, GetWindowExtEx, GdiGetCharDimensions, GdiGetCodePage, GetTextCharset, GdiPrinterThunk, GdiAddFontResourceW, TranslateCharsetInfo, SaveDC, OffsetWindowOrgEx, RestoreDC, ExtTextOutW, GetObjectType, GetDIBits, CreateDIBSection, SetStretchBltMode, SelectPalette, RealizePalette, SetDIBits, CreateDCW, CreateDIBitmap, CreateCompatibleBitmap, SetBitmapBits, DeleteDC, GdiValidateHandle, GdiDllInitialize, CreateSolidBrush, GetStockObject, CreateCompatibleDC, GdiConvertBitmapV5, GdiCreateLocalEnhMetaFile, GdiCreateLocalMetaFilePict, GetRgnBox, CombineRgn, OffsetRgn, MirrorRgn, EnableEUDC, GdiConvertToDevmodeW, GetTextExtentPointA, GetTextExtentPointW, CreateBitmap, SetLayoutWidth, PatBlt, TextOutA, TextOutW, BitBlt, GdiConvertAndCheckDC, StretchBlt, SetRectRgn, GdiReleaseDC, GdiConvertEnhMetaFile, GdiConvertMetaFilePict, DeleteEnhMetaFile, DeleteMetaFile, DeleteObject, GetDIBColorTable, GetDeviceCaps, StretchDIBits, GetLayout, SetBkColor, SetTextColor, GetObjectW, GetBkColor, SetBkMode, SelectObject, IntersectClipRect, GetTextAlign, SetTextAlign, GdiProcessSetup
KERNEL32.dll: LocalSize, SizeofResource, LoadResource, FindResourceExW, FindResourceExA, GetModuleHandleW, DisableThreadLibraryCalls, GetCurrentThreadId, IsDBCSLeadByteEx, SearchPathW, ExpandEnvironmentStringsW, LoadLibraryExW, GlobalAddAtomW, GetSystemDirectoryW, GetComputerNameW, GetCurrentProcess, GetCurrentThread, ExitThread, GetExitCodeThread, CreateThread, HeapReAlloc, GlobalHandle, FoldStringW, Sleep, GetStringTypeW, GetStringTypeA, GetCPInfo, HeapSize, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetFileSize, ReadFile, SetFileTime, GetFileTime, GetSystemWindowsDirectoryW, CopyFileW, MoveFileW, DeleteFileW, CreateProcessW, AddAtomA, AddAtomW, GetAtomNameW, GetAtomNameA, IsValidLocale, ConvertDefaultLocale, CompareStringW, GetCurrentDirectoryW, SetCurrentDirectoryW, lstrlenW, GetLogicalDrives, FindClose, FindNextFileW, FindFirstFileW, GetThreadLocale, ProcessIdToSessionId, GetCurrentProcessId, InterlockedCompareExchange, IsDBCSLeadByte, LCMapStringW, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount, lstrlenA, GlobalFindAtomA, GetModuleFileNameA, GetModuleHandleA, GlobalAddAtomA, DelayLoadFailureHook, LoadLibraryA, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LocalUnlock, LocalLock, LocalReAlloc, GetACP, GetOEMCP, InterlockedIncrement, InterlockedDecrement, SetLastError, GlobalFindAtomW, GlobalAlloc, MultiByteToWideChar, GlobalReAlloc, GetLastError, GetProcAddress, LoadLibraryW, FreeLibrary, lstrcpynW, CreateFileW, WritePrivateProfileStringW, lstrcmpiW, SetEvent, WaitForMultipleObjectsEx, WideCharToMultiByte, GlobalFlags, GetLocaleInfoW, GlobalFree, GetModuleFileNameW, GlobalGetAtomNameW, GlobalGetAtomNameA, InterlockedExchange, DeleteAtom, LocalAlloc, GlobalDeleteAtom, LocalFree, GlobalSize, GlobalLock, GlobalUnlock, GetUserDefaultLCID, HeapAlloc, HeapFree, lstrcpyW, lstrcatW, GetPrivateProfileStringW, RegisterWaitForInputIdle
ntdll.dll: NtQueryVirtualMemory, RtlUnwind, RtlNtStatusToDosError, NlsAnsiCodePage, RtlAllocateHeap, qsort, RtlMultiByteToUnicodeSize, LdrFlushAlternateResourceModules, RtlPcToFileHeader, wcsrchr, NtRaiseHardError, RtlIsNameLegalDOS8Dot3, strrchr, sscanf, NtQueryKey, NtEnumerateValueKey, RtlRunEncodeUnicodeString, RtlRunDecodeUnicodeString, _wcsicmp, CsrAllocateCaptureBuffer, CsrCaptureMessageBuffer, CsrFreeCaptureBuffer, NtOpenThreadToken, NtOpenProcessToken, NtQueryInformationToken, CsrClientCallServer, memmove, NtCallbackReturn, RtlUnicodeToMultiByteSize, RtlActivateActivationContextUnsafeFast, RtlDeactivateActivationContextUnsafeFast, RtlInitializeCriticalSection, NtQuerySystemInformation, swprintf, RtlDeleteCriticalSection, RtlImageNtHeader, CsrClientConnectToServer, NtYieldExecution, NtCreateKey, NtSetValueKey, NtDeleteValueKey, RtlQueryInformationActiveActivationContext, RtlReleaseActivationContext, RtlFreeHeap, wcsncpy, wcscmp, wcstoul, wcscat, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlCreateUnicodeStringFromAsciiz, RtlFreeUnicodeString, NtOpenDirectoryObject, _chkstk, wcscpy, wcsncat, NtSetSecurityObject, NtQuerySecurityObject, NtQueryInformationProcess, wcstol, wcslen, RtlFindActivationContextSectionString, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlOpenCurrentUser, NtEnumerateKey, NtOpenKey, NtClose, NtQueryValueKey, RtlInitUnicodeString, RtlUnicodeStringToInteger

[[ 732 export(s) ]]
ActivateKeyboardLayout, AdjustWindowRect, AdjustWindowRectEx, AlignRects, AllowForegroundActivation, AllowSetForegroundWindow, AnimateWindow, AnyPopup, AppendMenuA, AppendMenuW, ArrangeIconicWindows, AttachThreadInput, BeginDeferWindowPos, BeginPaint, BlockInput, BringWindowToTop, BroadcastSystemMessage, BroadcastSystemMessageA, BroadcastSystemMessageExA, BroadcastSystemMessageExW, BroadcastSystemMessageW, BuildReasonArray, CalcMenuBar, CallMsgFilter, CallMsgFilterA, CallMsgFilterW, CallNextHookEx, CallWindowProcA, CallWindowProcW, CascadeChildWindows, CascadeWindows, ChangeClipboardChain, ChangeDisplaySettingsA, ChangeDisplaySettingsExA, ChangeDisplaySettingsExW, ChangeDisplaySettingsW, ChangeMenuA, ChangeMenuW, CharLowerA, CharLowerBuffA, CharLowerBuffW, CharLowerW, CharNextA, CharNextExA, CharNextW, CharPrevA, CharPrevExA, CharPrevW, CharToOemA, CharToOemBuffA, CharToOemBuffW, CharToOemW, CharUpperA, CharUpperBuffA, CharUpperBuffW, CharUpperW, CheckDlgButton, CheckMenuItem, CheckMenuRadioItem, CheckRadioButton, ChildWindowFromPoint, ChildWindowFromPointEx, CliImmSetHotKey, ClientThreadSetup, ClientToScreen, ClipCursor, CloseClipboard, CloseDesktop, CloseWindow, CloseWindowStation, CopyAcceleratorTableA, CopyAcceleratorTableW, CopyIcon, CopyImage, CopyRect, CountClipboardFormats, CreateAcceleratorTableA, CreateAcceleratorTableW, CreateCaret, CreateCursor, CreateDesktopA, CreateDesktopW, CreateDialogIndirectParamA, CreateDialogIndirectParamAorW, CreateDialogIndirectParamW, CreateDialogParamA, CreateDialogParamW, CreateIcon, CreateIconFromResource, CreateIconFromResourceEx, CreateIconIndirect, CreateMDIWindowA, CreateMDIWindowW, CreateMenu, CreatePopupMenu, CreateSystemThreads, CreateWindowExA, CreateWindowExW, CreateWindowStationA, CreateWindowStationW, CsrBroadcastSystemMessageExW, CtxInitUser32, DdeAbandonTransaction, DdeAccessData, DdeAddData, DdeClientTransaction, DdeCmpStringHandles, DdeConnect, DdeConnectList, DdeCreateDataHandle, DdeCreateStringHandleA, DdeCreateStringHandleW, DdeDisconnect, DdeDisconnectList, DdeEnableCallback, DdeFreeDataHandle, DdeFreeStringHandle, DdeGetData, DdeGetLastError, DdeGetQualityOfService, DdeImpersonateClient, DdeInitializeA, DdeInitializeW, DdeKeepStringHandle, DdeNameService, DdePostAdvise, DdeQueryConvInfo, DdeQueryNextServer, DdeQueryStringA, DdeQueryStringW, DdeReconnect, DdeSetQualityOfService, DdeSetUserHandle, DdeUnaccessData, DdeUninitialize, DefDlgProcA, DefDlgProcW, DefFrameProcA, DefFrameProcW, DefMDIChildProcA, DefMDIChildProcW, DefRawInputProc, DefWindowProcA, DefWindowProcW, DeferWindowPos, DeleteMenu, DeregisterShellHookWindow, DestroyAcceleratorTable, DestroyCaret, DestroyCursor, DestroyIcon, DestroyMenu, DestroyReasons, DestroyWindow, DeviceEventWorker, DialogBoxIndirectParamA, DialogBoxIndirectParamAorW, DialogBoxIndirectParamW, DialogBoxParamA, DialogBoxParamW, DisableProcessWindowsGhosting, DispatchMessageA, DispatchMessageW, DisplayExitWindowsWarnings, DlgDirListA, DlgDirListComboBoxA, DlgDirListComboBoxW, DlgDirListW, DlgDirSelectComboBoxExA, DlgDirSelectComboBoxExW, DlgDirSelectExA, DlgDirSelectExW, DragDetect, DragObject, DrawAnimatedRects, DrawCaption, DrawCaptionTempA, DrawCaptionTempW, DrawEdge, DrawFocusRect, DrawFrame, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawMenuBarTemp, DrawStateA, DrawStateW, DrawTextA, DrawTextExA, DrawTextExW, DrawTextW, EditWndProc, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndDialog, EndMenu, EndPaint, EndTask, EnterReaderModeHelper, EnumChildWindows, EnumClipboardFormats, EnumDesktopWindows, EnumDesktopsA, EnumDesktopsW, EnumDisplayDevicesA, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsA, EnumDisplaySettingsExA, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumPropsA, EnumPropsExA, EnumPropsExW, EnumPropsW, EnumThreadWindows, EnumWindowStationsA, EnumWindowStationsW, EnumWindows, EqualRect, ExcludeUpdateRgn, ExitWindowsEx, FillRect, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, FlashWindow, FlashWindowEx, FrameRect, FreeDDElParam, GetActiveWindow, GetAltTabInfo, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetAppCompatFlags, GetAppCompatFlags2, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoExA, GetClassInfoExW, GetClassInfoW, GetClassLongA, GetClassLongW, GetClassNameA, GetClassNameW, GetClassWord, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardFormatNameA, GetClipboardFormatNameW, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardViewer, GetComboBoxInfo, GetCursor, GetCursorFrameInfo, GetCursorInfo, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGUIThreadInfo, GetGuiResources, GetIconInfo, GetInputDesktop, GetInputState, GetInternalWindowPos, GetKBCodePage, GetKeyNameTextA, GetKeyNameTextW, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetLastInputInfo, GetLayeredWindowAttributes, GetListBoxInfo, GetMenu, GetMenuBarInfo, GetMenuCheckMarkDimensions, GetMenuContextHelpId, GetMenuDefaultItem, GetMenuInfo, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuItemRect, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessageA, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetMouseMovePointsEx, GetNextDlgGroupItem, GetNextDlgTabItem, GetOpenClipboardWindow, GetParent, GetPriorityClipboardFormat, GetProcessDefaultLayout, GetProcessWindowStation, GetProgmanWindow, GetPropA, GetPropW, GetQueueStatus, GetRawInputBuffer, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetReasonTitleFromReasonCode, GetRegisteredRawInputDevices, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetShellWindow, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetTabbedTextExtentW, GetTaskmanWindow, GetThreadDesktop, GetTitleBarInfo, GetTopWindow, GetUpdateRect, GetUpdateRgn, GetUserObjectInformationA, GetUserObjectInformationW, GetUserObjectSecurity, GetWinStationInfo, GetWindow, GetWindowContextHelpId, GetWindowDC, GetWindowInfo, GetWindowLongA, GetWindowLongW, GetWindowModuleFileName, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowRgnBox, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GetWindowWord, GrayStringA, GrayStringW, HideCaret, HiliteMenuItem, IMPGetIMEA, IMPGetIMEW, IMPQueryIMEA, IMPQueryIMEW, IMPSetIMEA, IMPSetIMEW, ImpersonateDdeClientWindow, InSendMessage, InSendMessageEx, InflateRect, InitializeLpkHooks, InitializeWin32EntryTable, InsertMenuA, InsertMenuItemA, InsertMenuItemW, InsertMenuW, InternalGetWindowText, IntersectRect, InvalidateRect, InvalidateRgn, InvertRect, IsCharAlphaA, IsCharAlphaNumericA, IsCharAlphaNumericW, IsCharAlphaW, IsCharLowerA, IsCharLowerW, IsCharUpperA, IsCharUpperW, IsChild, IsClipboardFormatAvailable, IsDialogMessage, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsGUIThread, IsHungAppWindow, IsIconic, IsMenu, IsRectEmpty, IsServerSideWindow, IsWinEventHookInstalled, IsWindow, IsWindowEnabled, IsWindowInDestroy, IsWindowUnicode, IsWindowVisible, IsZoomed, KillSystemTimer, KillTimer, LoadAcceleratorsA, LoadAcceleratorsW, LoadBitmapA, LoadBitmapW, LoadCursorA, LoadCursorFromFileA, LoadCursorFromFileW, LoadCursorW, LoadIconA, LoadIconW, LoadImageA, LoadImageW, LoadKeyboardLayoutA, LoadKeyboardLayoutEx, LoadKeyboardLayoutW, LoadLocalFonts, LoadMenuA, LoadMenuIndirectA, LoadMenuIndirectW, LoadMenuW, LoadRemoteFonts, LoadStringA, LoadStringW, LockSetForegroundWindow, LockWindowStation, LockWindowUpdate, LockWorkStation, LookupIconIdFromDirectory, LookupIconIdFromDirectoryEx, MBToWCSEx, MB_GetString, MapDialogRect, MapVirtualKeyA, MapVirtualKeyExA, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MenuItemFromPoint, MenuWindowProcA, MenuWindowProcW, MessageBeep, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxTimeoutA, MessageBoxTimeoutW, MessageBoxW, ModifyMenuA, ModifyMenuW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, NotifyWinEvent, OemKeyScan, OemToCharA, OemToCharBuffA, OemToCharBuffW, OemToCharW, OffsetRect, OpenClipboard, OpenDesktopA, OpenDesktopW, OpenIcon, OpenInputDesktop, OpenWindowStationA, OpenWindowStationW, PackDDElParam, PaintDesktop, PaintMenuBar, PeekMessageA, PeekMessageW, PostMessageA, PostMessageW, PostQuitMessage, PostThreadMessageA, PostThreadMessageW, PrintWindow, PrivateExtractIconExA, PrivateExtractIconExW, PrivateExtractIconsA, PrivateExtractIconsW, PrivateSetDbgTag, PrivateSetRipFlags, PtInRect, QuerySendMessage, QueryUserCounters, RealChildWindowFromPoint, RealGetWindowClass, RealGetWindowClassA, RealGetWindowClassW, ReasonCodeNeedsBugID, ReasonCodeNeedsComment, RecordShutdownReason, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, RegisterClipboardFormatW, RegisterDeviceNotificationA, RegisterDeviceNotificationW, RegisterHotKey, RegisterLogonProcess, RegisterMessagePumpHook, RegisterRawInputDevices, RegisterServicesProcess, RegisterShellHookWindow, RegisterSystemThread, RegisterTasklist, RegisterUserApiHook, RegisterWindowMessageA, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, RemovePropW, ReplyMessage, ResolveDesktopForWOW, ReuseDDElParam, ScreenToClient, ScrollChildren, ScrollDC, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendDlgItemMessageW, SendIMEMessageExA, SendIMEMessageExW, SendInput, SendMessageA, SendMessageCallbackA, SendMessageCallbackW, SendMessageTimeoutA, SendMessageTimeoutW, SendMessageW, SendNotifyMessageA, SendNotifyMessageW, SetActiveWindow, SetCapture, SetCaretBlinkTime, SetCaretPos, SetClassLongA, SetClassLongW, SetClassWord, SetClipboardData, SetClipboardViewer, SetConsoleReserveKeys, SetCursor, SetCursorContents, SetCursorPos, SetDebugErrorLevel, SetDeskWallpaper, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW, SetDoubleClickTime, SetFocus, SetForegroundWindow, SetInternalWindowPos, SetKeyboardState, SetLastErrorEx, SetLayeredWindowAttributes, SetLogonNotifyWindow, SetMenu, SetMenuContextHelpId, SetMenuDefaultItem, SetMenuInfo, SetMenuItemBitmaps, SetMenuItemInfoA, SetMenuItemInfoW, SetMessageExtraInfo, SetMessageQueue, SetParent, SetProcessDefaultLayout, SetProcessWindowStation, SetProgmanWindow, SetPropA, SetPropW, SetRect, SetRectEmpty, SetScrollInfo, SetScrollPos, SetScrollRange, SetShellWindow, SetShellWindowEx, SetSysColors, SetSysColorsTemp, SetSystemCursor, SetSystemMenu, SetSystemTimer, SetTaskmanWindow, SetThreadDesktop, SetTimer, SetUserObjectInformationA, SetUserObjectInformationW, SetUserObjectSecurity, SetWinEventHook, SetWindowContextHelpId, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowStationUser, SetWindowTextA, SetWindowTextW, SetWindowWord, SetWindowsHookA, SetWindowsHookExA, SetWindowsHookExW, SetWindowsHookW, ShowCaret, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowStartGlass, ShowWindow, ShowWindowAsync, SoftModalMessageBox, SubtractRect, SwapMouseButton, SwitchDesktop, SwitchToThisWindow, SystemParametersInfoA, SystemParametersInfoW, TabbedTextOutA, TabbedTextOutW, TileChildWindows, TileWindows, ToAscii, ToAsciiEx, ToUnicode, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TrackPopupMenuEx, TranslateAccelerator, TranslateAcceleratorA, TranslateAcceleratorW, TranslateMDISysAccel, TranslateMessage, TranslateMessageEx, UnhookWinEvent, UnhookWindowsHook, UnhookWindowsHookEx, UnionRect, UnloadKeyboardLayout, UnlockWindowStation, UnpackDDElParam, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterMessagePumpHook, UnregisterUserApiHook, UpdateLayeredWindow, UpdatePerUserSystemParameters, UpdateWindow, User32InitializeImmEntryTable, UserClientDllInitialize, UserHandleGrantAccess, UserLpkPSMTextOut, UserLpkTabbedTextOut, UserRealizePalette, UserRegisterWowHandlers, VRipOutput, VTagOutput, ValidateRect, ValidateRgn, VkKeyScanA, VkKeyScanExA, VkKeyScanExW, VkKeyScanW, WCSToMBEx, WINNLSEnableIME, WINNLSGetEnableStatus, WINNLSGetIMEHotkey, WaitForInputIdle, WaitMessage, Win32PoolAllocationStats, WinHelpA, WinHelpW, WindowFromDC, WindowFromPoint, keybd_event, mouse_event, wsprintfA, wsprintfW, wvsprintfA, wvsprintfW
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 390144
CompanyName: Microsoft Corporation
EntryPoint: 0xb217
FileDescription: Client-DLL f r Windows XP USER-API
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 566 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 5.1.2600.5512 (xpsp.080413-2105)
FileVersionNumber: 5.1.2600.5512
ImageVersion: 5.1
InitializedDataSize: 188928
InternalName: user32
LanguageCode: German
LegalCopyright: Microsoft Corporation. Alle Rechte vorbehalten.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Dynamic link library
OriginalFilename: user32
PEType: PE32
ProductName: Betriebssystem Microsoft Windows
ProductVersion: 5.1.2600.5512
ProductVersionNumber: 5.1.2600.5512
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:04:14 04:21:43+02:00
UninitializedDataSize: 0
Warning: Possibly corrupt Version resource

Bob003 22.10.2010 19:19
Code:
ComboFix 10-10-22.02 - Administrator 22.10.2010  20:06:46.1.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1527.1125 [GMT 2:00]
ausgeführt von:: d:\downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Dokumente\Server\admin.txt
c:\dokumente und einstellungen\All Users\Dokumente\Server\server.dat
C:\Thumbs.db

Infizierte Kopie von c:\windows\system32\winlogon.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ServicePackFiles\i386\winlogon.exe wurde wiederhergestellt

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ServicePackFiles\i386\explorer.exe wurde wiederhergestellt

c:\windows\system32\drivers\cdrom.sys fehlte
Kopie von - c:\windows\ServicePackFiles\i386\cdrom.sys wurde wiederhergestellt

.
(((((((((((((((((((((((  Dateien erstellt von 2010-09-22 bis 2010-10-22  ))))))))))))))))))))))))))))))
.

2010-10-22 18:11 . 2008-04-13 22:10        62976        ----a-w-        c:\windows\system32\drivers\cdrom.sys
2010-10-22 07:45 . 2008-03-21 11:57        14640        ------w-        c:\windows\system32\spmsgXP_2k3.dll
2010-10-22 07:37 . 2010-10-22 07:37        25512        ----a-w-        c:\windows\system32\drivers\ggsemc.sys
2010-10-22 07:37 . 2010-10-22 07:37        13224        ----a-w-        c:\windows\system32\drivers\ggflt.sys
2010-10-22 07:37 . 2010-10-22 07:37        1112288        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll
2010-10-22 07:37 . 2010-10-22 07:37        --------        d-----w-        c:\windows\system32\DRVSTORE
2010-10-22 04:39 . 2010-10-22 04:39        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe
2010-10-19 18:42 . 2010-10-19 18:42        --------        d-----w-        c:\programme\Microsoft
2010-10-19 18:42 . 2010-10-19 18:42        --------        d-----w-        c:\programme\Windows Live SkyDrive
2010-10-19 18:41 . 2010-10-19 18:41        --------        d-----w-        c:\programme\Windows Live
2010-10-19 09:56 . 2010-10-19 09:56        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-10-18 13:46 . 2010-10-18 13:46        --------        d-----w-        C:\$AVG
2010-10-18 13:13 . 2010-10-18 13:13        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\AVG10
2010-10-18 13:12 . 2010-10-18 13:12        --------        d--h--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files
2010-10-18 13:10 . 2010-10-18 13:10        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG10
2010-10-18 13:00 . 2010-10-18 13:00        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData
2010-10-18 12:35 . 2010-10-18 12:35        580096        ----a-w-        c:\windows\system32\dllcache\user32.dll
2010-10-18 12:30 . 2010-10-18 12:30        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze
2010-10-18 12:26 . 2009-11-12 12:48        7168        ----a-w-        c:\windows\system32\drivers\StarOpen.sys
2010-10-15 12:57 . 2010-10-15 12:57        --------        d-----w-        c:\windows\SxsCaPendDel
2010-10-14 22:01 . 2010-10-14 22:01        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\skypePM
2010-10-14 21:55 . 2010-10-14 21:55        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Skype
2010-10-14 21:55 . 2010-10-14 21:55        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2010-10-14 17:39 . 2007-02-12 12:50        20480        ----a-w-        c:\windows\FixCamera.exe
2010-10-12 16:55 . 2010-10-12 16:55        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Identities
2010-10-12 14:05 . 2010-10-12 14:05        --------        d-----w-        c:\windows\Sun
2010-10-12 14:00 . 2010-10-12 14:00        423656        ----a-w-        c:\windows\system32\deployJava1.dll
2010-10-12 14:00 . 2010-10-12 14:00        423656        ----a-w-        c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-01 17:46 . 2010-10-01 17:46        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\vlc
2010-10-01 17:16 . 2010-10-01 17:16        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
2010-10-01 16:44 . 2010-10-01 16:44        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Canneverbe Limited

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 10:21 . 2010-08-31 18:01        2516        --sha-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2010-09-17 10:20 . 2010-08-31 18:01        88        --sh--r-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\2C69BD85DE.sys
2010-09-13 14:27 . 2010-09-13 14:27        25680        ----a-w-        c:\windows\system32\drivers\AVGIDSEH.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 2DD94551294E8E9BD086DAF840D8AB27 . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2006-07-16 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 45CE0641FC476C7C21AEF5CEE58E3F33 . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2006-07-16 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="d:\programme\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 25680]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [22.10.2010 09:37 13224]
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\frpay4z7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: d:\programme\Reader\browser\nppdf32.dll
FF - plugin: d:\vlc\npvlc.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-22 20:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\rundll32.exe
d:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-22  20:17:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-22 18:17

Vor Suchlauf: 538.050.560 Bytes frei
Nach Suchlauf: 503.377.920 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 01E23C7E9BD01E9F0F6D9BDB523E9815

Chris4You 22.10.2010 19:42
Hi,

sofort Cureit hinter jagen und den JOB (ECCZN.job) umgehend löschen (der ist mit hoher Wahrscheinlichkeit da, das Teil neu zu installieren)...
(Achtung, das Teil ist hidden!)

Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

Danach bitte ein neues OTL-Log posten...
  • Starte bitte die OTL.exe
  • Vista/Win7-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button
  • Klick auf OK
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread



chris

Bob003 22.10.2010 21:21
Code:
C:\WINDOWS\system32\weg48.f3d gepackt von XOREXE
>C:\WINDOWS\system32\weg48.f3d infiziert mit Win32.HLLW.Okamai.origin - nicht desinfizierbar - verschoben
C:\WINDOWS\system32\winlogon.exe gepackt von FLY-CODE
>C:\WINDOWS\system32\winlogon.exe - OK
C:\WINDOWS\system32\mscories.dll - OK
C:\WINDOWS\system32\gs78.c3 gepackt von XOREXE
>C:\WINDOWS\system32\gs78.c3 infiziert mit Trojan.Rvz.10 - gelöscht
C:\WINDOWS\system32\sessmgr.exe - OK
C:\WINDOWS\system32\sl_anet.acm - OK
C:\WINDOWS\system32\msgsvc.dll - OK
C:\WINDOWS\system32\fwe43g347347.w6 gepackt von XOREXE
>C:\WINDOWS\system32\fwe43g347347.w6 infiziert mit Win32.HLLW.Okamai.12 - gelöscht
C:\WINDOWS\system32\desk.cpl - OK
C:\WINDOWS\system32\wuauclt.exe - OK
Gescannt: 5421
Infiziert: 3
Modifikationen: 0
Verdächtig: 0
Adware: 0
Dialer: 0
Scherzprogramme: 0
Riskware: 0
Hacktools: 0
Desinfiziert: 0
Gelöscht: 2
Umbenannt: 0
Verschoben: 1
Ignoriert: 0
Geschwindigkeit:: 868 Kb/s
Dauer:: 0:15:16

Bob003 22.10.2010 21:22
OTL Logfile:
Code:
OTL logfile created on: 22.10.2010 21:47:38 - Run 2
OTL by OldTimer - Version 3.2.16.0    Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 500 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 4,87 Gb Total Space | 0,52 Gb Free Space | 10,63% Space Free | Partition Type: FAT32
Drive D: | 32,37 Gb Total Space | 30,95 Gb Free Space | 95,59% Space Free | Partition Type: NTFS
 
Computer Name: CPMW-B7CD394AA2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - D:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (NMSAccess) -- D:\Programme\CDBurnerXP\NMSAccessU.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\System32\DRIVERS\snp2sxp.sys File not found
DRV - (DwProt) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (FA312) -- C:\WINDOWS\system32\drivers\FA312nd5.sys (NETGEAR Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.18 16:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.29 19:29:38 | 000,000,000 | ---D | M]
 
[2010.10.18 16:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.18 16:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\frpay4z7.default\extensions
[2010.10.18 16:04:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\frpay4z7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.18 16:02:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.12 16:00:18 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.22 20:12:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.29 19:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.22 20:56:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\DoctorWeb
[2010.10.22 20:17:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.10.22 20:06:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.10.22 20:05:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.10.22 20:05:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.10.22 20:05:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.10.22 20:05:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.10.22 20:04:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.10.22 20:04:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.10.22 09:45:30 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010.10.22 09:37:44 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010.10.22 09:37:44 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010.10.22 09:37:44 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010.10.22 09:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.10.22 07:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.10.22 07:14:18 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010.10.22 06:39:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.10.19 21:08:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.10.19 20:42:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.10.19 20:42:09 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.10.19 20:41:41 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.10.19 11:56:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.10.18 16:02:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2010.10.18 15:46:50 | 000,000,000 | ---D | C] -- C:\$AVG
[2010.10.18 15:13:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVG10
[2010.10.18 15:12:35 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010.10.18 15:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.10.18 15:00:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.10.18 14:35:18 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.10.18 14:30:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze
[2010.10.18 14:16:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Server
[2010.10.15 14:57:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Config.Msi
[2010.10.15 14:57:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.10.15 00:01:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM
[2010.10.14 23:55:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
[2010.10.14 23:55:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2010.10.12 18:55:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Identities
[2010.10.12 16:05:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.10.12 16:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.10.12 16:00:28 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.12 15:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2010.10.01 19:46:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2010.10.01 19:16:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
[2010.10.01 18:44:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.09.29 07:57:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.22 21:25:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.22 21:13:24 | 000,000,213 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DrWeb.csv
[2010.10.22 20:06:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.10.22 19:46:54 | 000,003,307 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Dokument.rtf
[2010.10.22 11:43:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.10.22 09:48:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.10.22 09:48:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.10.22 09:48:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010.10.22 09:37:40 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010.10.22 09:37:40 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010.10.22 09:37:40 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010.10.22 08:42:28 | 000,269,857 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\attachment.pdf
[2010.10.22 06:39:54 | 000,001,440 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.22 06:37:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.19 20:30:20 | 000,007,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.18 16:02:28 | 000,001,470 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.10.18 14:56:00 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.18 14:38:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.18 14:35:18 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.10.18 14:26:14 | 000,000,690 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.10.14 21:52:06 | 000,045,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00035.JPG
[2010.10.14 14:37:22 | 000,060,193 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00032.JPG
[2010.10.12 16:00:18 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.01 19:46:00 | 000,000,408 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.10.01 19:28:36 | 000,000,166 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\trueburner.ini
[2010.10.01 18:43:46 | 000,416,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.01 18:43:46 | 000,401,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.01 18:43:46 | 000,075,392 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.01 18:43:46 | 000,062,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.01 18:31:10 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.29 19:57:08 | 000,000,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\achhenre.rtf
[56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.22 21:13:22 | 000,000,213 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DrWeb.csv
[2010.10.22 20:06:15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.10.22 20:06:13 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2010.10.22 20:05:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.10.22 20:05:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.10.22 20:05:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.10.22 20:05:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.10.22 20:05:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.10.22 19:46:52 | 000,003,307 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Dokument.rtf
[2010.10.22 09:48:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.10.22 09:48:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.10.22 09:48:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010.10.22 08:42:26 | 000,269,857 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\attachment.pdf
[2010.10.22 06:39:52 | 000,001,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.18 16:02:26 | 000,001,470 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.10.18 14:55:58 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.18 14:38:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.18 14:26:13 | 000,000,690 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.10.18 14:26:12 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.10.14 19:39:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010.10.14 17:09:13 | 000,045,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00035.JPG
[2010.10.14 17:05:25 | 000,060,193 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00032.JPG
[2010.10.01 19:45:59 | 000,000,408 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.10.01 19:43:22 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.01 19:22:25 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\trueburner.ini
[2010.09.29 19:57:06 | 000,000,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\achhenre.rtf
[2010.08.31 20:01:53 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.08.31 20:01:53 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2C69BD85DE.sys
[2010.08.30 16:49:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2010.08.29 18:52:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.07.17 00:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.07.17 00:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.07.17 00:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.07.17 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.07.17 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2006.07.17 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\SoftwareDistribution\Download\6d7942155110b701ebe17a64d84cc620\backup\sp2qfe\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\SoftwareDistribution\Download\9a1182b50c9ecbd8bedf4c560755eafc\sp2qfe\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.07.17 00:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< c:\windows\system32\drivers\*.sys /lockedfiles >
 
< c:\windows\system32\*.dll /lockedfiles >
[1 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]
 
< %systemroot%\*. /mp /s >
 
< %PROGRAMFILES%\*. >
[2010.08.29 18:52:46 | 000,000,000 | ---D | M] -- C:\Programme\Gemeinsame Dateien
[2010.08.29 19:01:30 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2010.08.29 19:02:08 | 000,000,000 | ---D | M] -- C:\Programme\MSN Gaming Zone
[2010.08.29 19:02:12 | 000,000,000 | ---D | M] -- C:\Programme\Messenger
[2010.08.29 19:02:22 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2010.10.19 20:41:42 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live
[2010.10.19 20:42:10 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive
[2010.08.29 19:03:40 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2010.08.29 19:03:50 | 000,000,000 | ---D | M] -- C:\Programme\Outlook Express
[2010.08.29 19:03:54 | 000,000,000 | ---D | M] -- C:\Programme\NetMeeting
[2010.08.29 19:04:04 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker
[2010.08.29 19:05:08 | 000,000,000 | ---D | M] -- C:\Programme\Online-Dienste
[2010.08.29 19:05:14 | 000,000,000 | ---D | M] -- C:\Programme\WindowsUpdate
[2010.10.19 20:42:44 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft
[2010.08.29 19:15:48 | 000,000,000 | ---D | M] -- C:\Programme\microsoft frontpage
[2010.08.29 19:15:48 | 000,000,000 | ---D | M] -- C:\Programme\xerox
[2010.08.29 19:25:08 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2010.08.29 19:29:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2010.08.30 16:16:48 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2010.08.30 16:49:08 | 000,000,000 | ---D | M] -- C:\Programme\VIA Technologies, Inc
[2010.08.30 18:14:28 | 000,000,000 | ---D | M] -- C:\Programme\Recuva
[2010.09.01 17:12:30 | 000,000,000 | ---D | M] -- C:\Programme\DivX
[2010.09.08 16:41:06 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-01 12:53:58

< End of report >
--- --- ---

[/CODE]

Bob003 22.10.2010 21:23
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.10.2010 21:47:38 - Run 2
OTL by OldTimer - Version 3.2.16.0    Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 500 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 4,87 Gb Total Space | 0,52 Gb Free Space | 10,63% Space Free | Partition Type: FAT32
Drive D: | 32,37 Gb Total Space | 30,95 Gb Free Space | 95,59% Space Free | Partition Type: NTFS
 
Computer Name: CPMW-B7CD394AA2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"1064:TCP" = 1064:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Recuva" = Recuva
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VLC media player" = VLC media player 1.1.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.09.2010 14:21:01 | Computer Name = CPMW-B7CD394AA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Recuva.exe, Version 1.38.0.504, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 01.10.2010 12:15:11 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:12 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:12 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:13 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:15 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:16 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:17 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:18 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:22 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 1043
Description = Fehler beim Starten einer Windows Installer-Transaktion: . Beim Beenden
 der Transaktion ist Fehler 5 aufgetreten.
 
[ System Events ]
Error - 01.10.2010 13:16:51 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:16:57 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:04 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:20 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:26 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:18:14 | Computer Name = CPMW-B7CD394AA2 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 01.10.2010 13:18:18 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:18:25 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:30:44 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:30:47 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >
--- --- ---


[/CODE]

Chris4You 22.10.2010 22:38
Hi,

das gefällt mir noch nicht ganz...

XP:
sfc /scannow
1.) Start->ausführen cmd eingeben
2.) sfc /scannow eingeben
3.) XP-CD bereithalten, falls fehlerhafte Dateien gefunden werden
(bei OEM-Rechnern befindet sich i. a. ein entsprechendes Verzeichnis bereits auf der Festplatte)
4.) warten...

Was macht der Rechner?

chris

Bob003 23.10.2010 10:35
Windows Dateischutzfenster ging auf es lief ein blauer Balken voll und dann ging das fenstr wieder zu.

Windows Cd musst ich nicht einlegen.

Bob003 23.10.2010 10:39
Eine Frage nebenbei,welches Antiviren Programm für einen Dauerhaften Betrieb im Hintergrund empfiehlst du?

Bob003 23.10.2010 10:43
Es ist immer noch was drauf irgendwie....wenn ich bei google was gesucht habe und dann auf den link klicke kommt nen vollkommen andere seite auch wenn ich andere wörter und seiten suche und darauf klicke kommt entweder die selbe komische seite oder andere.

Bob003 23.10.2010 10:47
Code:
C:\WINDOWS\system32\weg48.f3d infiziert mit Win32.HLLW.Okamai.origin - nicht desinfizierbar - verschoben
Liegt das vlt an der sache was Cureit nur verschieben konnte?

Chris4You 23.10.2010 19:12
Hi,

das sieht jetzt eher wie TDDS aus...

Wird auch der IE umgeleitet?

Schauen wir noch mal nach den userinit und winlogon...

  • Starte bitte die OTL.exe
  • Vista/Win7-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
winlogon.exe
userinit.exe
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button
  • Klick auf OK
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Defogger
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick. Vista User: Bitte mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
  • DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).
Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort. Wenn wir die Bereinigung beendet haben, starte bitte defogger erneut und klicke den Re-enable Button.

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte gmer und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Stürzt GMER ab, bitte im abgesicherten Modus (F8 beim Booten) probieren!

Deployment-Cache löschen:
Folge den Anweisungen auf dieser Seite
http://www.java.com/de/download/help/cache_virus.xml
und dann dem Abschnitt "Lösung"...

chris

Bob003 26.10.2010 05:07
Code:
OTL logfile created on: 26.10.2010 06:02:30 - Run 4
OTL by OldTimer - Version 3.2.17.1    Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 500 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 4,87 Gb Total Space | 0,70 Gb Free Space | 14,28% Space Free | Partition Type: FAT32
Drive D: | 32,37 Gb Total Space | 31,23 Gb Free Space | 96,47% Space Free | Partition Type: NTFS
 
Computer Name: CPMW-B7CD394AA2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Recuva\Recuva.exe (Piriform Ltd)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - D:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (NMSAccess) -- D:\Programme\CDBurnerXP\NMSAccessU.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\System32\DRIVERS\snp2sxp.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (FA312) -- C:\WINDOWS\system32\drivers\FA312nd5.sys (NETGEAR Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.18 16:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.29 19:29:38 | 000,000,000 | ---D | M]
 
[2010.10.18 16:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.18 16:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\frpay4z7.default\extensions
[2010.10.23 16:22:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\frpay4z7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.18 16:02:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.12 16:00:18 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.23 16:15:36 | 000,422,512 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 14591 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.29 19:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.26 06:00:32 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010.10.25 22:52:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.10.25 22:52:07 | 000,073,728 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2std.dll
[2010.10.22 22:01:55 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010.10.22 20:56:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\DoctorWeb
[2010.10.22 20:17:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.10.22 20:06:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.10.22 20:05:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.10.22 20:05:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.10.22 20:05:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.10.22 20:05:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.10.22 20:04:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.10.22 20:04:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.10.22 09:45:30 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010.10.22 09:37:44 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010.10.22 09:37:44 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010.10.22 09:37:44 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010.10.22 09:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.10.22 07:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.10.22 06:39:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.10.19 21:08:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.10.19 20:42:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.10.19 20:42:09 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.10.19 20:41:41 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.10.19 11:56:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.10.18 16:02:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2010.10.18 15:46:50 | 000,000,000 | ---D | C] -- C:\$AVG
[2010.10.18 15:13:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVG10
[2010.10.18 15:12:35 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010.10.18 15:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.10.18 15:00:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.10.18 14:35:18 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.10.18 14:30:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze
[2010.10.18 14:16:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Server
[2010.10.15 14:57:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Config.Msi
[2010.10.15 14:57:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.10.15 00:01:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM
[2010.10.14 23:55:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
[2010.10.14 23:55:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2010.10.12 18:55:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Identities
[2010.10.12 16:05:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.10.12 16:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.10.12 16:00:28 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.12 15:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2010.10.01 19:46:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2010.10.01 19:16:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
[2010.10.01 18:44:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.09.29 07:57:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.25 22:47:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.25 03:01:28 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2010.10.25 02:58:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.23 16:07:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.10.23 10:46:24 | 000,056,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00050.JPG
[2010.10.23 10:46:00 | 000,069,257 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00049.JPG
[2010.10.23 10:45:50 | 000,061,257 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00048.JPG
[2010.10.22 20:06:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.10.22 09:48:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.10.22 09:48:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.10.22 09:48:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010.10.22 09:37:40 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010.10.22 09:37:40 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010.10.22 09:37:40 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010.10.22 06:39:54 | 000,001,440 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.19 20:30:20 | 000,007,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.18 16:02:28 | 000,001,470 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.10.18 14:56:00 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.18 14:38:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.18 14:35:18 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.10.18 14:26:14 | 000,000,690 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.10.14 21:52:06 | 000,045,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00035.JPG
[2010.10.14 14:37:22 | 000,060,193 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00032.JPG
[2010.10.12 16:00:18 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.01 19:46:00 | 000,000,408 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.10.01 19:28:36 | 000,000,166 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\trueburner.ini
[2010.10.01 18:43:46 | 000,416,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.01 18:43:46 | 000,401,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.01 18:43:46 | 000,075,392 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.01 18:43:46 | 000,062,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.01 18:31:10 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.25 03:01:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2010.10.23 13:01:59 | 000,069,257 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00049.JPG
[2010.10.23 13:01:59 | 000,061,257 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00048.JPG
[2010.10.23 13:01:59 | 000,056,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00050.JPG
[2010.10.22 20:06:15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.10.22 20:06:13 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2010.10.22 20:05:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.10.22 20:05:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.10.22 20:05:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.10.22 20:05:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.10.22 20:05:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.10.22 09:48:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.10.22 09:48:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.10.22 09:48:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010.10.22 06:39:52 | 000,001,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.18 16:02:26 | 000,001,470 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.10.18 14:55:58 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.18 14:38:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.18 14:26:13 | 000,000,690 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.10.18 14:26:12 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.10.14 19:39:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010.10.14 17:09:13 | 000,045,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00035.JPG
[2010.10.14 17:05:25 | 000,060,193 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00032.JPG
[2010.10.01 19:45:59 | 000,000,408 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.10.01 19:43:22 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.01 19:22:25 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\trueburner.ini
[2010.08.31 20:01:53 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.08.31 20:01:53 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2C69BD85DE.sys
[2010.08.30 16:49:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2010.08.29 18:52:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.07.17 00:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.07.17 00:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.07.17 00:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.07.17 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.07.17 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2006.07.17 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\SoftwareDistribution\Download\6d7942155110b701ebe17a64d84cc620\backup\sp2qfe\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\SoftwareDistribution\Download\9a1182b50c9ecbd8bedf4c560755eafc\sp2qfe\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.07.17 00:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.07.17 00:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=1A6ADB86B0FD7E1822BAA78D258BC73F -- C:\WINDOWS\system32\winlogon.exe
[2006.07.17 00:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
 
< c:\windows\system32\drivers\*.sys /lockedfiles >
 
< c:\windows\system32\*.dll /lockedfiles >
[1 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]
 
< %systemroot%\*. /mp /s >
 
< %PROGRAMFILES%\*. >
[2010.08.29 18:52:46 | 000,000,000 | ---D | M] -- C:\Programme\Gemeinsame Dateien
[2010.08.29 19:01:30 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2010.08.29 19:02:08 | 000,000,000 | ---D | M] -- C:\Programme\MSN Gaming Zone
[2010.08.29 19:02:12 | 000,000,000 | ---D | M] -- C:\Programme\Messenger
[2010.08.29 19:02:22 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2010.10.19 20:41:42 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live
[2010.10.19 20:42:10 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive
[2010.08.29 19:03:40 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2010.08.29 19:03:50 | 000,000,000 | ---D | M] -- C:\Programme\Outlook Express
[2010.08.29 19:03:54 | 000,000,000 | ---D | M] -- C:\Programme\NetMeeting
[2010.08.29 19:04:04 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker
[2010.08.29 19:05:08 | 000,000,000 | ---D | M] -- C:\Programme\Online-Dienste
[2010.08.29 19:05:14 | 000,000,000 | ---D | M] -- C:\Programme\WindowsUpdate
[2010.10.19 20:42:44 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft
[2010.08.29 19:15:48 | 000,000,000 | ---D | M] -- C:\Programme\microsoft frontpage
[2010.08.29 19:15:48 | 000,000,000 | ---D | M] -- C:\Programme\xerox
[2010.08.29 19:25:08 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2010.08.29 19:29:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2010.08.30 16:16:48 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2010.08.30 16:49:08 | 000,000,000 | ---D | M] -- C:\Programme\VIA Technologies, Inc
[2010.08.30 18:14:28 | 000,000,000 | ---D | M] -- C:\Programme\Recuva
[2010.09.01 17:12:30 | 000,000,000 | ---D | M] -- C:\Programme\DivX
[2010.09.08 16:41:06 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-01 12:53:58

< End of report >

Code:
OTL Extras logfile created on: 26.10.2010 06:02:30 - Run 4
OTL by OldTimer - Version 3.2.17.1    Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 500 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 4,87 Gb Total Space | 0,70 Gb Free Space | 14,28% Space Free | Partition Type: FAT32
Drive D: | 32,37 Gb Total Space | 31,23 Gb Free Space | 96,47% Space Free | Partition Type: NTFS
 
Computer Name: CPMW-B7CD394AA2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"1064:TCP" = 1064:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Recuva" = Recuva
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VLC media player" = VLC media player 1.1.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.09.2010 14:21:01 | Computer Name = CPMW-B7CD394AA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Recuva.exe, Version 1.38.0.504, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 01.10.2010 12:15:11 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:12 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:12 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:13 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:15 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:16 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:17 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:18 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:22 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 1043
Description =
 
[ System Events ]
Error - 01.10.2010 13:16:51 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:16:57 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:04 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:20 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:26 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:18:14 | Computer Name = CPMW-B7CD394AA2 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 01.10.2010 13:18:18 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:18:25 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:30:44 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:30:47 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >

Bob003 26.10.2010 05:12
Wenn ich Defooger Starte und nach der Anleitung vor gehe kommt am ende Finish und ich drücke Ok aber dann kommt keine meldung das er einen neu start haben will.

Bob003 26.10.2010 05:16
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 06:10 on 26/10/2010 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
defogger_enable by jpshortstuff (23.02.10.1)
Log created at 06:12 on 26/10/2010 (Administrator)

Parsing file...


-=E.O.F=-

Bob003 26.10.2010 05:25
Code:
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-26 06:24:39
Windows 5.1.2600 Service Pack 3
Running: 761pwp17.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kgeoykow.sys


---- User code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\Explorer.EXE[1304] kernel32.dll!CreateProcessInternalW      7C81979C 5 Bytes  JMP 009E85CB
.text  C:\Programme\Mozilla Firefox\firefox.exe[3588] ntdll.dll!LdrLoadDll    7C9263A3 5 Bytes  JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text  C:\Programme\Mozilla Firefox\firefox.exe[3588] WS2_32.dll!closesocket  71A13E2B 5 Bytes  JMP 00156367
.text  C:\Programme\Mozilla Firefox\firefox.exe[3588] WS2_32.dll!send        71A14C27 5 Bytes  JMP 00155F60
.text  C:\Programme\Mozilla Firefox\firefox.exe[3588] WS2_32.dll!WSARecv      71A14CB5 5 Bytes  JMP 00156138
.text  C:\Programme\Mozilla Firefox\firefox.exe[3588] WS2_32.dll!recv        71A1676F 5 Bytes  JMP 00155FD3
.text  C:\Programme\Mozilla Firefox\firefox.exe[3588] WS2_32.dll!WSASend      71A168FA 5 Bytes  JMP 0015609E

---- EOF - GMER 1.0.15 ----

Bob003 26.10.2010 05:31
Zitat:
Öffnen Sie in der Systemsteuerung das Java Plug-in Bedienungsfeld
Wo steht das in der Systemsteuerung?Finde da kein Java.

Chris4You 26.10.2010 07:17
Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
C:\WINDOWS\System32\ir32_32.dll
C:\WINDOWS\System32\dllcache\user32.dll
C:\WINDOWS\system32\winlogon.exe
C:\Windows\System32\WS2_32.dll
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Prevx:
Das Tool neigt zu Fehlalarmen und kann in der freien Version auch nichts löschen, ist aber sonst recht gut... (und läuft auch auf 64Bit-Plattformen)
Prevx 3.0 for Home and Family
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

chris

Bob003 26.10.2010 11:36
File: ir32_32.dll
Code:
ir32_32.dll
Submission date:
2010-10-26 10:22:19 (UTC)
Current status:
queued (#11) queued analysing finished
Result:
0/ 43 (0.0%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.26.01        2010.10.26        -
AntiVir        7.10.13.42        2010.10.26        -
Antiy-AVL        2.0.3.7        2010.10.26        -
Authentium        5.2.0.5        2010.10.26        -
Avast        4.8.1351.0        2010.10.26        -
Avast5        5.0.594.0        2010.10.26        -
AVG        9.0.0.851        2010.10.26        -
BitDefender        7.2        2010.10.26        -
CAT-QuickHeal        11.00        2010.10.26        -
ClamAV        0.96.2.0-git        2010.10.26        -
Comodo        6513        2010.10.26        -
DrWeb        5.0.2.03300        2010.10.26        -
Emsisoft        5.0.0.50        2010.10.26        -
eSafe        7.0.17.0        2010.10.25        -
eTrust-Vet        36.1.7936        2010.10.26        -
F-Prot        4.6.2.117        2010.10.25        -
F-Secure        9.0.16160.0        2010.10.26        -
Fortinet        4.2.249.0        2010.10.26        -
GData        21        2010.10.26        -
Ikarus        T3.1.1.90.0        2010.10.26        -
Jiangmin        13.0.900        2010.10.26        -
K7AntiVirus        9.66.2830        2010.10.25        -
Kaspersky        7.0.0.125        2010.10.26        -
McAfee        5.400.0.1158        2010.10.26        -
McAfee-GW-Edition        2010.1C        2010.10.26        -
Microsoft        1.6301        2010.10.26        -
NOD32        5563        2010.10.26        -
Norman        6.06.10        2010.10.25        -
nProtect        2010-10-26.01        2010.10.26        -
Panda        10.0.2.7        2010.10.25        -
PCTools        7.0.3.5        2010.10.26        -
Prevx        3.0        2010.10.26        -
Rising        22.71.00.03        2010.10.26        -
Sophos        4.58.0        2010.10.26        -
Sunbelt        7142        2010.10.26        -
SUPERAntiSpyware        4.40.0.1006        2010.10.26        -
Symantec        20101.2.0.161        2010.10.26        -
TheHacker        6.7.0.1.066        2010.10.25        -
TrendMicro        9.120.0.1004        2010.10.26        -
TrendMicro-HouseCall        9.120.0.1004        2010.10.26        -
VBA32        3.12.14.1        2010.10.25        -
ViRobot        2010.10.25.4110        2010.10.26        -
VirusBuster        12.70.4.0        2010.10.25        -
Additional information
Show all
MD5  : cf159355de2c8b4633172353cc22ed89
SHA1  : 548fa23e00e81f594094da3e562d553b712da1ca
SHA256: 45cce3619bf4383bda577ce79e150798339850290c51f83aca602e88845adf8d
ssdeep: 3072:yq1uRIvVwC7dzJ4zGNpxMOUyiYz1IBipa1at95gEziNSA1aqDO/:rxX7dzKSdFTi2j5gUi
gA
File size : 199168 bytes
First seen: 2009-05-12 05:00:12
Last seen : 2010-10-26 10:22:19
TrID:
Win32 Executable MS Visual C++ (generic) (65.1%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x123C3
timedatestamp....: 0x3B7E5670 (Sat Aug 18 11:50:08 2001)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x15866, 0x15A00, 6.55, 820c6b3b316495a427804f6bbaefc89d
.bss, 0x17000, 0x243E0, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0x3C000, 0x23C, 0x400, 2.78, 9eb0c41fd5f56bfc72e2770478b8a84b
.data, 0x3D000, 0x177B8, 0x17800, 3.01, f9864ba7c462b3d3b933c2a246352cdd
.idata, 0x55000, 0x58E, 0x600, 5.51, 9915f4f4c0a3afc06aa208cc4ffd45a3
.edata, 0x56000, 0x90, 0x200, 1.68, f75928ecab740a1a47d43c778fdb229c
.rsrc, 0x57000, 0x1428, 0x1600, 3.14, d74bf022dcca9d8a0d88b696a8b18366
.reloc, 0x59000, 0x1140, 0x1200, 5.61, 6ef3de6a1eff93f477aad3b630906f25

[[ 4 import(s) ]]
GDI32.dll: CreateCompatibleDC, DeleteDC, SelectObject, BitBlt, GetSystemPaletteEntries, GetObjectA, GetNearestColor, GetDeviceCaps
KERNEL32.dll: GetSystemInfo, GlobalLock, GlobalAlloc, GlobalFree, GlobalUnlock, LocalFree, LocalAlloc, MultiByteToWideChar, WideCharToMultiByte, RtlUnwind, WriteFile, GetProcAddress, GetFileType, GetStdHandle, GetStartupInfoA, GetOEMCP, GetACP, GetCPInfo, LoadLibraryA, GetModuleHandleA, GetLastError, VirtualAlloc, VirtualFree, GetModuleFileNameA, GetVersion, GetCommandLineA, GetEnvironmentStrings, ExitProcess
USER32.dll: MessageBoxA, GetWindowRect, EndPaint, DialogBoxParamA, GetDlgItemInt, EndDialog, PostMessageA, SetDlgItemTextA, wsprintfA, GetDC, ReleaseDC, MessageBeep, LoadStringA, LoadBitmapA, GetWindowLongA, BeginPaint
WINMM.dll: DefDriverProc

[[ 4 export(s) ]]
AboutDialogProc, DllMain, DriverDialogProc, DriverProc
ExifTool:
file metadata
CharacterSet: ASCII
CodeSize: 88576
CompanyName: Intel(R) Corporation
EntryPoint: 0x123c3
FileFlagsMask: 0x003f
FileOS: Windows 16-bit
FileSize: 194 kB
FileSubtype: 8
FileType: Win32 DLL
FileVersionNumber: 3.24.15.3
ImageVersion: 0.0
InitializedDataSize: 109568
InternalName: ir32_32.dll
LanguageCode: English (U.S.)
LegalCopyright: Copyright Intel Corporation 1992-1995
LegalTrademarks: Indeo(R) is a trademark of Intel Corporation
LinkerVersion: 2.55
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 1.0
ObjectFileType: Driver
PEType: PE32
ProductName: Intel Indeo(R) Video R3.2 32-bit Driver
ProductVersion: Version 3.24.15.03
ProductVersionNumber: 3.24.15.3
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2001:08:18 13:50:08+02:00
UninitializedDataSize: 148480

File user32.dll

Code:
File name:
user32.dll
Submission date:
2010-10-26 10:27:13 (UTC)
Current status:
queued (#29) queued (#25) analysing finished
Result:
32/ 43 (74.4%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.26.01        2010.10.26        Win-Trojan/User32Hk
AntiVir        7.10.13.42        2010.10.26        TR/Patched.Gen2
Antiy-AVL        2.0.3.7        2010.10.26        Trojan/Win32.Patched
Authentium        5.2.0.5        2010.10.26        W32/User32Hk.A!Generic
Avast        4.8.1351.0        2010.10.26        Win32:SysPatch
Avast5        5.0.594.0        2010.10.26        Win32:SysPatch
AVG        9.0.0.851        2010.10.26        -
BitDefender        7.2        2010.10.26        Win32.MarioForever.Patched
CAT-QuickHeal        11.00        2010.10.26        Trojan.Patched.AP
ClamAV        0.96.2.0-git        2010.10.26        -
Comodo        6513        2010.10.26        TrojWare.Win32.Patched.F
DrWeb        5.0.2.03300        2010.10.26        -
Emsisoft        5.0.0.50        2010.10.26        Trojan.Win32.Patched!IK
eSafe        7.0.17.0        2010.10.25        -
eTrust-Vet        36.1.7936        2010.10.26        Win32/Pruserinf
F-Prot        4.6.2.117        2010.10.25        W32/User32Hk.A!Generic
F-Secure        9.0.16160.0        2010.10.26        Win32.MarioForever.Patched
Fortinet        4.2.249.0        2010.10.26        W32/Patched.D!tr
GData        21        2010.10.26        Win32.MarioForever.Patched
Ikarus        T3.1.1.90.0        2010.10.26        Trojan.Win32.Patched
Jiangmin        13.0.900        2010.10.26        Win32/PatchFile.bk
K7AntiVirus        9.66.2830        2010.10.25        Trojan
Kaspersky        7.0.0.125        2010.10.26        Trojan.Win32.Patched.gq
McAfee        5.400.0.1158        2010.10.26        Patched User32
McAfee-GW-Edition        2010.1C        2010.10.26        Patched User32
Microsoft        1.6301        2010.10.26        Virus:Win32/Mariofev.A
NOD32        5563        2010.10.26        Win32/Pinit
Norman        6.06.10        2010.10.25        -
nProtect        2010-10-26.01        2010.10.26        Virus/W32.Patched.Q
Panda        10.0.2.7        2010.10.25        W32/Patched.H
PCTools        7.0.3.5        2010.10.26        Trojan.Patched!sd5
Prevx        3.0        2010.10.26        -
Rising        22.71.00.03        2010.10.26        -
Sophos        4.58.0        2010.10.26        Troj/User32Hk-A
Sunbelt        7142        2010.10.26        Trojan.Win32.Patched.dr (v)
SUPERAntiSpyware        4.40.0.1006        2010.10.26        -
Symantec        20101.2.0.161        2010.10.26        -
TheHacker        6.7.0.1.066        2010.10.25        -
TrendMicro        9.120.0.1004        2010.10.26        Possible_Patch-1
TrendMicro-HouseCall        9.120.0.1004        2010.10.26        Possible_Patch-1
VBA32        3.12.14.1        2010.10.25        Trojan.Win32.Patched.gq
ViRobot        2010.10.25.4110        2010.10.26        Win32.Patched.X
VirusBuster        12.70.4.0        2010.10.25        -
Additional information
Show all
MD5  : 2628fb678cc34f42b4e98244075f74c1
SHA1  : 981714086c649fd3e7cf64e3d7b30911b0e3ac0b
SHA256: 686f0fd8e1df7031338f041ad7e00dbc7914c715970d8d4e2567bb800a927814
ssdeep: 6144:QXtUG2qbvmfPYjo6QK86tQGdscawPX10BhTruuGVuKtNYmLlLyUTuyGEDSu3ZmDt:s2++f
sZ86q5caW0VhG86xxcEPZm2nG
File size : 580096 bytes
First seen: 2010-04-01 12:50:03
Last seen : 2010-10-26 10:27:13
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Alle Rechte vorbehalten.
product......: Betriebssystem Microsoft_ Windows_
description..: Client-DLL f_r Windows XP USER-API
original name: user32
internal name: user32
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xB217
timedatestamp....: 0x4802BFB7 (Mon Apr 14 02:21:43 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5F283, 0x5F400, 6.66, f747b131a21761b59fd7b2a066b48e2d
.data, 0x61000, 0x1180, 0xC00, 2.37, 775119e98796af9b8a849dd1f6e4f377
.rsrc, 0x63000, 0x2A7BC, 0x2A800, 5.00, ab0716ca00fe22c6cb46856e79f46656
.reloc, 0x8E000, 0x2DE4, 0x2E00, 6.77, 68ebe5a2d822be0663a3e935b39d0bae

[[ 3 import(s) ]]
GDI32.dll: GetClipRgn, ExtSelectClipRgn, GetHFONT, GetMapMode, SetGraphicsMode, GetClipBox, CreateRectRgn, CreateRectRgnIndirect, SetLayout, GetBoundsRect, ExcludeClipRect, PlayEnhMetaFile, GdiGetBitmapBitsSize, CreatePen, Ellipse, CreateEllipticRgn, GdiFixUpHandle, GetTextCharacterExtra, SetTextCharacterExtra, GetCurrentObject, GetViewportOrgEx, SetViewportOrgEx, PolyPatBlt, CreateBrushIndirect, SetBoundsRect, CopyEnhMetaFileW, CopyMetaFileW, GetPaletteEntries, CreatePalette, SetPaletteEntries, bInitSystemAndFontsDirectoriesW, bMakePathNameW, cGetTTFFromFOT, GetPixel, ExtTextOutA, GetTextCharsetInfo, QueryFontAssocStatus, GetCharWidthInfo, GetCharWidthA, GetTextFaceW, GetCharABCWidthsA, GetCharABCWidthsW, SetBrushOrgEx, CreateFontIndirectW, EnumFontsW, GetTextFaceAliasW, GetTextMetricsW, GetTextColor, GetBkMode, GetViewportExtEx, GetWindowExtEx, GdiGetCharDimensions, GdiGetCodePage, GetTextCharset, GdiPrinterThunk, GdiAddFontResourceW, TranslateCharsetInfo, SaveDC, OffsetWindowOrgEx, RestoreDC, ExtTextOutW, GetObjectType, GetDIBits, CreateDIBSection, SetStretchBltMode, SelectPalette, RealizePalette, SetDIBits, CreateDCW, CreateDIBitmap, CreateCompatibleBitmap, SetBitmapBits, DeleteDC, GdiValidateHandle, GdiDllInitialize, CreateSolidBrush, GetStockObject, CreateCompatibleDC, GdiConvertBitmapV5, GdiCreateLocalEnhMetaFile, GdiCreateLocalMetaFilePict, GetRgnBox, CombineRgn, OffsetRgn, MirrorRgn, EnableEUDC, GdiConvertToDevmodeW, GetTextExtentPointA, GetTextExtentPointW, CreateBitmap, SetLayoutWidth, PatBlt, TextOutA, TextOutW, BitBlt, GdiConvertAndCheckDC, StretchBlt, SetRectRgn, GdiReleaseDC, GdiConvertEnhMetaFile, GdiConvertMetaFilePict, DeleteEnhMetaFile, DeleteMetaFile, DeleteObject, GetDIBColorTable, GetDeviceCaps, StretchDIBits, GetLayout, SetBkColor, SetTextColor, GetObjectW, GetBkColor, SetBkMode, SelectObject, IntersectClipRect, GetTextAlign, SetTextAlign, GdiProcessSetup
KERNEL32.dll: LocalSize, SizeofResource, LoadResource, FindResourceExW, FindResourceExA, GetModuleHandleW, DisableThreadLibraryCalls, GetCurrentThreadId, IsDBCSLeadByteEx, SearchPathW, ExpandEnvironmentStringsW, LoadLibraryExW, GlobalAddAtomW, GetSystemDirectoryW, GetComputerNameW, GetCurrentProcess, GetCurrentThread, ExitThread, GetExitCodeThread, CreateThread, HeapReAlloc, GlobalHandle, FoldStringW, Sleep, GetStringTypeW, GetStringTypeA, GetCPInfo, HeapSize, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetFileSize, ReadFile, SetFileTime, GetFileTime, GetSystemWindowsDirectoryW, CopyFileW, MoveFileW, DeleteFileW, CreateProcessW, AddAtomA, AddAtomW, GetAtomNameW, GetAtomNameA, IsValidLocale, ConvertDefaultLocale, CompareStringW, GetCurrentDirectoryW, SetCurrentDirectoryW, lstrlenW, GetLogicalDrives, FindClose, FindNextFileW, FindFirstFileW, GetThreadLocale, ProcessIdToSessionId, GetCurrentProcessId, InterlockedCompareExchange, IsDBCSLeadByte, LCMapStringW, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount, lstrlenA, GlobalFindAtomA, GetModuleFileNameA, GetModuleHandleA, GlobalAddAtomA, DelayLoadFailureHook, LoadLibraryA, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LocalUnlock, LocalLock, LocalReAlloc, GetACP, GetOEMCP, InterlockedIncrement, InterlockedDecrement, SetLastError, GlobalFindAtomW, GlobalAlloc, MultiByteToWideChar, GlobalReAlloc, GetLastError, GetProcAddress, LoadLibraryW, FreeLibrary, lstrcpynW, CreateFileW, WritePrivateProfileStringW, lstrcmpiW, SetEvent, WaitForMultipleObjectsEx, WideCharToMultiByte, GlobalFlags, GetLocaleInfoW, GlobalFree, GetModuleFileNameW, GlobalGetAtomNameW, GlobalGetAtomNameA, InterlockedExchange, DeleteAtom, LocalAlloc, GlobalDeleteAtom, LocalFree, GlobalSize, GlobalLock, GlobalUnlock, GetUserDefaultLCID, HeapAlloc, HeapFree, lstrcpyW, lstrcatW, GetPrivateProfileStringW, RegisterWaitForInputIdle
ntdll.dll: NtQueryVirtualMemory, RtlUnwind, RtlNtStatusToDosError, NlsAnsiCodePage, RtlAllocateHeap, qsort, RtlMultiByteToUnicodeSize, LdrFlushAlternateResourceModules, RtlPcToFileHeader, wcsrchr, NtRaiseHardError, RtlIsNameLegalDOS8Dot3, strrchr, sscanf, NtQueryKey, NtEnumerateValueKey, RtlRunEncodeUnicodeString, RtlRunDecodeUnicodeString, _wcsicmp, CsrAllocateCaptureBuffer, CsrCaptureMessageBuffer, CsrFreeCaptureBuffer, NtOpenThreadToken, NtOpenProcessToken, NtQueryInformationToken, CsrClientCallServer, memmove, NtCallbackReturn, RtlUnicodeToMultiByteSize, RtlActivateActivationContextUnsafeFast, RtlDeactivateActivationContextUnsafeFast, RtlInitializeCriticalSection, NtQuerySystemInformation, swprintf, RtlDeleteCriticalSection, RtlImageNtHeader, CsrClientConnectToServer, NtYieldExecution, NtCreateKey, NtSetValueKey, NtDeleteValueKey, RtlQueryInformationActiveActivationContext, RtlReleaseActivationContext, RtlFreeHeap, wcsncpy, wcscmp, wcstoul, wcscat, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlCreateUnicodeStringFromAsciiz, RtlFreeUnicodeString, NtOpenDirectoryObject, _chkstk, wcscpy, wcsncat, NtSetSecurityObject, NtQuerySecurityObject, NtQueryInformationProcess, wcstol, wcslen, RtlFindActivationContextSectionString, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlOpenCurrentUser, NtEnumerateKey, NtOpenKey, NtClose, NtQueryValueKey, RtlInitUnicodeString, RtlUnicodeStringToInteger

[[ 732 export(s) ]]
ActivateKeyboardLayout, AdjustWindowRect, AdjustWindowRectEx, AlignRects, AllowForegroundActivation, AllowSetForegroundWindow, AnimateWindow, AnyPopup, AppendMenuA, AppendMenuW, ArrangeIconicWindows, AttachThreadInput, BeginDeferWindowPos, BeginPaint, BlockInput, BringWindowToTop, BroadcastSystemMessage, BroadcastSystemMessageA, BroadcastSystemMessageExA, BroadcastSystemMessageExW, BroadcastSystemMessageW, BuildReasonArray, CalcMenuBar, CallMsgFilter, CallMsgFilterA, CallMsgFilterW, CallNextHookEx, CallWindowProcA, CallWindowProcW, CascadeChildWindows, CascadeWindows, ChangeClipboardChain, ChangeDisplaySettingsA, ChangeDisplaySettingsExA, ChangeDisplaySettingsExW, ChangeDisplaySettingsW, ChangeMenuA, ChangeMenuW, CharLowerA, CharLowerBuffA, CharLowerBuffW, CharLowerW, CharNextA, CharNextExA, CharNextW, CharPrevA, CharPrevExA, CharPrevW, CharToOemA, CharToOemBuffA, CharToOemBuffW, CharToOemW, CharUpperA, CharUpperBuffA, CharUpperBuffW, CharUpperW, CheckDlgButton, CheckMenuItem, CheckMenuRadioItem, CheckRadioButton, ChildWindowFromPoint, ChildWindowFromPointEx, CliImmSetHotKey, ClientThreadSetup, ClientToScreen, ClipCursor, CloseClipboard, CloseDesktop, CloseWindow, CloseWindowStation, CopyAcceleratorTableA, CopyAcceleratorTableW, CopyIcon, CopyImage, CopyRect, CountClipboardFormats, CreateAcceleratorTableA, CreateAcceleratorTableW, CreateCaret, CreateCursor, CreateDesktopA, CreateDesktopW, CreateDialogIndirectParamA, CreateDialogIndirectParamAorW, CreateDialogIndirectParamW, CreateDialogParamA, CreateDialogParamW, CreateIcon, CreateIconFromResource, CreateIconFromResourceEx, CreateIconIndirect, CreateMDIWindowA, CreateMDIWindowW, CreateMenu, CreatePopupMenu, CreateSystemThreads, CreateWindowExA, CreateWindowExW, CreateWindowStationA, CreateWindowStationW, CsrBroadcastSystemMessageExW, CtxInitUser32, DdeAbandonTransaction, DdeAccessData, DdeAddData, DdeClientTransaction, DdeCmpStringHandles, DdeConnect, DdeConnectList, DdeCreateDataHandle, DdeCreateStringHandleA, DdeCreateStringHandleW, DdeDisconnect, DdeDisconnectList, DdeEnableCallback, DdeFreeDataHandle, DdeFreeStringHandle, DdeGetData, DdeGetLastError, DdeGetQualityOfService, DdeImpersonateClient, DdeInitializeA, DdeInitializeW, DdeKeepStringHandle, DdeNameService, DdePostAdvise, DdeQueryConvInfo, DdeQueryNextServer, DdeQueryStringA, DdeQueryStringW, DdeReconnect, DdeSetQualityOfService, DdeSetUserHandle, DdeUnaccessData, DdeUninitialize, DefDlgProcA, DefDlgProcW, DefFrameProcA, DefFrameProcW, DefMDIChildProcA, DefMDIChildProcW, DefRawInputProc, DefWindowProcA, DefWindowProcW, DeferWindowPos, DeleteMenu, DeregisterShellHookWindow, DestroyAcceleratorTable, DestroyCaret, DestroyCursor, DestroyIcon, DestroyMenu, DestroyReasons, DestroyWindow, DeviceEventWorker, DialogBoxIndirectParamA, DialogBoxIndirectParamAorW, DialogBoxIndirectParamW, DialogBoxParamA, DialogBoxParamW, DisableProcessWindowsGhosting, DispatchMessageA, DispatchMessageW, DisplayExitWindowsWarnings, DlgDirListA, DlgDirListComboBoxA, DlgDirListComboBoxW, DlgDirListW, DlgDirSelectComboBoxExA, DlgDirSelectComboBoxExW, DlgDirSelectExA, DlgDirSelectExW, DragDetect, DragObject, DrawAnimatedRects, DrawCaption, DrawCaptionTempA, DrawCaptionTempW, DrawEdge, DrawFocusRect, DrawFrame, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawMenuBarTemp, DrawStateA, DrawStateW, DrawTextA, DrawTextExA, DrawTextExW, DrawTextW, EditWndProc, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndDialog, EndMenu, EndPaint, EndTask, EnterReaderModeHelper, EnumChildWindows, EnumClipboardFormats, EnumDesktopWindows, EnumDesktopsA, EnumDesktopsW, EnumDisplayDevicesA, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsA, EnumDisplaySettingsExA, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumPropsA, EnumPropsExA, EnumPropsExW, EnumPropsW, EnumThreadWindows, EnumWindowStationsA, EnumWindowStationsW, EnumWindows, EqualRect, ExcludeUpdateRgn, ExitWindowsEx, FillRect, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, FlashWindow, FlashWindowEx, FrameRect, FreeDDElParam, GetActiveWindow, GetAltTabInfo, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetAppCompatFlags, GetAppCompatFlags2, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoExA, GetClassInfoExW, GetClassInfoW, GetClassLongA, GetClassLongW, GetClassNameA, GetClassNameW, GetClassWord, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardFormatNameA, GetClipboardFormatNameW, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardViewer, GetComboBoxInfo, GetCursor, GetCursorFrameInfo, GetCursorInfo, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGUIThreadInfo, GetGuiResources, GetIconInfo, GetInputDesktop, GetInputState, GetInternalWindowPos, GetKBCodePage, GetKeyNameTextA, GetKeyNameTextW, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetLastInputInfo, GetLayeredWindowAttributes, GetListBoxInfo, GetMenu, GetMenuBarInfo, GetMenuCheckMarkDimensions, GetMenuContextHelpId, GetMenuDefaultItem, GetMenuInfo, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuItemRect, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessageA, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetMouseMovePointsEx, GetNextDlgGroupItem, GetNextDlgTabItem, GetOpenClipboardWindow, GetParent, GetPriorityClipboardFormat, GetProcessDefaultLayout, GetProcessWindowStation, GetProgmanWindow, GetPropA, GetPropW, GetQueueStatus, GetRawInputBuffer, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetReasonTitleFromReasonCode, GetRegisteredRawInputDevices, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetShellWindow, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetTabbedTextExtentW, GetTaskmanWindow, GetThreadDesktop, GetTitleBarInfo, GetTopWindow, GetUpdateRect, GetUpdateRgn, GetUserObjectInformationA, GetUserObjectInformationW, GetUserObjectSecurity, GetWinStationInfo, GetWindow, GetWindowContextHelpId, GetWindowDC, GetWindowInfo, GetWindowLongA, GetWindowLongW, GetWindowModuleFileName, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowRgnBox, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GetWindowWord, GrayStringA, GrayStringW, HideCaret, HiliteMenuItem, IMPGetIMEA, IMPGetIMEW, IMPQueryIMEA, IMPQueryIMEW, IMPSetIMEA, IMPSetIMEW, ImpersonateDdeClientWindow, InSendMessage, InSendMessageEx, InflateRect, InitializeLpkHooks, InitializeWin32EntryTable, InsertMenuA, InsertMenuItemA, InsertMenuItemW, InsertMenuW, InternalGetWindowText, IntersectRect, InvalidateRect, InvalidateRgn, InvertRect, IsCharAlphaA, IsCharAlphaNumericA, IsCharAlphaNumericW, IsCharAlphaW, IsCharLowerA, IsCharLowerW, IsCharUpperA, IsCharUpperW, IsChild, IsClipboardFormatAvailable, IsDialogMessage, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsGUIThread, IsHungAppWindow, IsIconic, IsMenu, IsRectEmpty, IsServerSideWindow, IsWinEventHookInstalled, IsWindow, IsWindowEnabled, IsWindowInDestroy, IsWindowUnicode, IsWindowVisible, IsZoomed, KillSystemTimer, KillTimer, LoadAcceleratorsA, LoadAcceleratorsW, LoadBitmapA, LoadBitmapW, LoadCursorA, LoadCursorFromFileA, LoadCursorFromFileW, LoadCursorW, LoadIconA, LoadIconW, LoadImageA, LoadImageW, LoadKeyboardLayoutA, LoadKeyboardLayoutEx, LoadKeyboardLayoutW, LoadLocalFonts, LoadMenuA, LoadMenuIndirectA, LoadMenuIndirectW, LoadMenuW, LoadRemoteFonts, LoadStringA, LoadStringW, LockSetForegroundWindow, LockWindowStation, LockWindowUpdate, LockWorkStation, LookupIconIdFromDirectory, LookupIconIdFromDirectoryEx, MBToWCSEx, MB_GetString, MapDialogRect, MapVirtualKeyA, MapVirtualKeyExA, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MenuItemFromPoint, MenuWindowProcA, MenuWindowProcW, MessageBeep, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxTimeoutA, MessageBoxTimeoutW, MessageBoxW, ModifyMenuA, ModifyMenuW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, NotifyWinEvent, OemKeyScan, OemToCharA, OemToCharBuffA, OemToCharBuffW, OemToCharW, OffsetRect, OpenClipboard, OpenDesktopA, OpenDesktopW, OpenIcon, OpenInputDesktop, OpenWindowStationA, OpenWindowStationW, PackDDElParam, PaintDesktop, PaintMenuBar, PeekMessageA, PeekMessageW, PostMessageA, PostMessageW, PostQuitMessage, PostThreadMessageA, PostThreadMessageW, PrintWindow, PrivateExtractIconExA, PrivateExtractIconExW, PrivateExtractIconsA, PrivateExtractIconsW, PrivateSetDbgTag, PrivateSetRipFlags, PtInRect, QuerySendMessage, QueryUserCounters, RealChildWindowFromPoint, RealGetWindowClass, RealGetWindowClassA, RealGetWindowClassW, ReasonCodeNeedsBugID, ReasonCodeNeedsComment, RecordShutdownReason, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, RegisterClipboardFormatW, RegisterDeviceNotificationA, RegisterDeviceNotificationW, RegisterHotKey, RegisterLogonProcess, RegisterMessagePumpHook, RegisterRawInputDevices, RegisterServicesProcess, RegisterShellHookWindow, RegisterSystemThread, RegisterTasklist, RegisterUserApiHook, RegisterWindowMessageA, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, RemovePropW, ReplyMessage, ResolveDesktopForWOW, ReuseDDElParam, ScreenToClient, ScrollChildren, ScrollDC, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendDlgItemMessageW, SendIMEMessageExA, SendIMEMessageExW, SendInput, SendMessageA, SendMessageCallbackA, SendMessageCallbackW, SendMessageTimeoutA, SendMessageTimeoutW, SendMessageW, SendNotifyMessageA, SendNotifyMessageW, SetActiveWindow, SetCapture, SetCaretBlinkTime, SetCaretPos, SetClassLongA, SetClassLongW, SetClassWord, SetClipboardData, SetClipboardViewer, SetConsoleReserveKeys, SetCursor, SetCursorContents, SetCursorPos, SetDebugErrorLevel, SetDeskWallpaper, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW, SetDoubleClickTime, SetFocus, SetForegroundWindow, SetInternalWindowPos, SetKeyboardState, SetLastErrorEx, SetLayeredWindowAttributes, SetLogonNotifyWindow, SetMenu, SetMenuContextHelpId, SetMenuDefaultItem, SetMenuInfo, SetMenuItemBitmaps, SetMenuItemInfoA, SetMenuItemInfoW, SetMessageExtraInfo, SetMessageQueue, SetParent, SetProcessDefaultLayout, SetProcessWindowStation, SetProgmanWindow, SetPropA, SetPropW, SetRect, SetRectEmpty, SetScrollInfo, SetScrollPos, SetScrollRange, SetShellWindow, SetShellWindowEx, SetSysColors, SetSysColorsTemp, SetSystemCursor, SetSystemMenu, SetSystemTimer, SetTaskmanWindow, SetThreadDesktop, SetTimer, SetUserObjectInformationA, SetUserObjectInformationW, SetUserObjectSecurity, SetWinEventHook, SetWindowContextHelpId, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowStationUser, SetWindowTextA, SetWindowTextW, SetWindowWord, SetWindowsHookA, SetWindowsHookExA, SetWindowsHookExW, SetWindowsHookW, ShowCaret, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowStartGlass, ShowWindow, ShowWindowAsync, SoftModalMessageBox, SubtractRect, SwapMouseButton, SwitchDesktop, SwitchToThisWindow, SystemParametersInfoA, SystemParametersInfoW, TabbedTextOutA, TabbedTextOutW, TileChildWindows, TileWindows, ToAscii, ToAsciiEx, ToUnicode, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TrackPopupMenuEx, TranslateAccelerator, TranslateAcceleratorA, TranslateAcceleratorW, TranslateMDISysAccel, TranslateMessage, TranslateMessageEx, UnhookWinEvent, UnhookWindowsHook, UnhookWindowsHookEx, UnionRect, UnloadKeyboardLayout, UnlockWindowStation, UnpackDDElParam, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterMessagePumpHook, UnregisterUserApiHook, UpdateLayeredWindow, UpdatePerUserSystemParameters, UpdateWindow, User32InitializeImmEntryTable, UserClientDllInitialize, UserHandleGrantAccess, UserLpkPSMTextOut, UserLpkTabbedTextOut, UserRealizePalette, UserRegisterWowHandlers, VRipOutput, VTagOutput, ValidateRect, ValidateRgn, VkKeyScanA, VkKeyScanExA, VkKeyScanExW, VkKeyScanW, WCSToMBEx, WINNLSEnableIME, WINNLSGetEnableStatus, WINNLSGetIMEHotkey, WaitForInputIdle, WaitMessage, Win32PoolAllocationStats, WinHelpA, WinHelpW, WindowFromDC, WindowFromPoint, keybd_event, mouse_event, wsprintfA, wsprintfW, wvsprintfA, wvsprintfW
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 390144
CompanyName: Microsoft Corporation
EntryPoint: 0xb217
FileDescription: Client-DLL f r Windows XP USER-API
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 566 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 5.1.2600.5512 (xpsp.080413-2105)
FileVersionNumber: 5.1.2600.5512
ImageVersion: 5.1
InitializedDataSize: 188928
InternalName: user32
LanguageCode: German
LegalCopyright: Microsoft Corporation. Alle Rechte vorbehalten.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Dynamic link library
OriginalFilename: user32
PEType: PE32
ProductName: Betriebssystem Microsoft Windows
ProductVersion: 5.1.2600.5512
ProductVersionNumber: 5.1.2600.5512
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:04:14 04:21:43+02:00
UninitializedDataSize: 0
Warning: Possibly corrupt Version resource

File winlogon.exe
Code:
File name:
winlogon.exe
Submission date:
2010-10-26 10:30:19 (UTC)
Current status:
queued (#36) queued analysing finished
Result:
25/ 43 (58.1%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.26.01        2010.10.26        -
AntiVir        7.10.13.42        2010.10.26        TR/Spy.513024.22
Antiy-AVL        2.0.3.7        2010.10.26        Trojan/Win32.Patched.gen
Authentium        5.2.0.5        2010.10.26        W32/Bamital.C
Avast        4.8.1351.0        2010.10.26        Win32:Bamital-AE
Avast5        5.0.594.0        2010.10.26        Win32:Bamital-AE
AVG        9.0.0.851        2010.10.26        -
BitDefender        7.2        2010.10.26        Trojan.Patched.GM
CAT-QuickHeal        11.00        2010.10.26        -
ClamAV        0.96.2.0-git        2010.10.26        Trojan.Patched-155
Comodo        6513        2010.10.26        TrojWare.Win32.Patched.kl
DrWeb        5.0.2.03300        2010.10.26        Win32.Dat.12
Emsisoft        5.0.0.50        2010.10.26        -
eSafe        7.0.17.0        2010.10.25        -
eTrust-Vet        36.1.7936        2010.10.26        Win32/Bamital.AP
F-Prot        4.6.2.117        2010.10.25        W32/Bamital.C
F-Secure        9.0.16160.0        2010.10.26        Trojan.Patched.GM
Fortinet        4.2.249.0        2010.10.26        -
GData        21        2010.10.26        Trojan.Patched.GM
Ikarus        T3.1.1.90.0        2010.10.26        -
Jiangmin        13.0.900        2010.10.26        TrojanDownloader.Small.atpv
K7AntiVirus        9.66.2830        2010.10.25        Virus
Kaspersky        7.0.0.125        2010.10.26        Trojan.Win32.Patched.kl
McAfee        5.400.0.1158        2010.10.26        W32/Bamital.a
McAfee-GW-Edition        2010.1C        2010.10.26        -
Microsoft        1.6301        2010.10.26        Virus:Win32/Bamital.F
NOD32        5563        2010.10.26        Win32/Bamital.EL
Norman        6.06.10        2010.10.25        -
nProtect        2010-10-26.01        2010.10.26        Trojan-Downloader/W32.Small.513024
Panda        10.0.2.7        2010.10.25        -
PCTools        7.0.3.5        2010.10.26        Trojan.Bamital
Prevx        3.0        2010.10.26        -
Rising        22.71.00.03        2010.10.26        -
Sophos        4.58.0        2010.10.26        Troj/Patched-O
Sunbelt        7142        2010.10.26        Virus.Win32.Bamital.c (v)
SUPERAntiSpyware        4.40.0.1006        2010.10.26        -
Symantec        20101.2.0.161        2010.10.26        Trojan.Bamital!inf
TheHacker        6.7.0.1.066        2010.10.25        -
TrendMicro        9.120.0.1004        2010.10.26        -
TrendMicro-HouseCall        9.120.0.1004        2010.10.26        -
VBA32        3.12.14.1        2010.10.25        -
ViRobot        2010.10.25.4110        2010.10.26        Win32.Patched.AF.C
VirusBuster        12.70.4.0        2010.10.25        -
Additional information
Show all
MD5  : 1a6adb86b0fd7e1822baa78d258bc73f
SHA1  : 0196f33420d472c2e98bcc28ed2ffb5586b0d4a6
SHA256: 698d40e89804fac605b23355c1d343c618f9124a119dd359c20b0af82844f24d
ssdeep: 6144:nNZlxEdL5RvGlcHF37newMLao6nynKHOD13XRnCfOVSePfLtisgZYlI:odz+lcDKao6ncK
HsRqOMgxZgJ
File size : 513024 bytes
First seen: 2010-10-26 10:30:19
Last seen : 2010-10-26 10:30:19
TrID:
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Alle Rechte vorbehalten.
product......: Betriebssystem Microsoft_ Windows_
description..: Windows NT-Anmeldung
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.5512 (xpsp.080413-2113)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x3E5E1
timedatestamp....: 0x48027549 (Sun Apr 13 21:04:09 2008)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x70991, 0x70A00, 6.82, e052c1e95daf74468b413f7e681045ea
.data, 0x72000, 0x4E70, 0x2000, 6.28, 44bd27282514b5e3a27b570106930d8d
.rsrc, 0x77000, 0xA570, 0xA600, 3.73, a208013369b967cddeb11c1aa535162c

[[ 20 import(s) ]]
ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA
AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle
CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx
GDI32.dll: RemoveFontResourceW, AddFontResourceW
KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, ExpandEnvironmentStringsW, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, GetVersionExA, DuplicateHandle, OpenProcess, GetOverlappedResult, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, TlsGetValue, DeleteCriticalSection, TlsAlloc, VirtualFree, TlsFree
msvcrt.dll: wcslen, _vsnwprintf, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp
NDdeApi.dll: -, -, -, -
ntdll.dll: RtlSubAuthoritySid, RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtSetInformationProcess, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlInitString, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlGetNtProductType, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtOpenDirectoryObject
PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW
PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW
REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery
RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate
Secur32.dll: LsaCallAuthenticationPackage, GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess
SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW
USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, GetMessageTime, SetTimer, SetLogonNotifyWindow, UnlockWindowStation, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, RegisterClassW, SetCursor, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, KillTimer, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, DefWindowProcW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW
USERENV.dll: -, WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, -, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, GetUserProfileDirectoryW
VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, _WinStationNotifyLogoff, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon
WINTRUST.dll: CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext
WS2_32.dll: -, -, getaddrinfo
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 461312
CompanyName: Microsoft Corporation
EntryPoint: 0x3e5e1
FileDescription: Windows NT-Anmeldung
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 501 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
FileVersionNumber: 5.1.2600.5512
ImageVersion: 21315.20512
InitializedDataSize: 50688
InternalName: winlogon
LanguageCode: German
LegalCopyright: Microsoft Corporation. Alle Rechte vorbehalten.
LinkerVersion: 187.7
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Executable application
OriginalFilename: WINLOGON.EXE
PEType: PE32
ProductName: Betriebssystem Microsoft Windows
ProductVersion: 5.1.2600.5512
ProductVersionNumber: 5.1.2600.5512
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:04:13 23:04:09+02:00
UninitializedDataSize: 0
Warning: Possibly corrupt Version resource
File ws2_32.dll

Code:
File name:
WS2_32.dll
Submission date:
2010-10-26 10:34:11 (UTC)
Current status:
queued queued (#36) analysing finished
Result:
0/ 42 (0.0%)

Bob003 26.10.2010 11:41
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Administrator
->Temp folder emptied: 1602012 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 29420 bytes
->FireFox cache emptied: 49022514 bytes
->Flash cache emptied: 2096 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2771214 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 51,00 mb
 
 
OTL by OldTimer - Version 3.2.17.1 log created on 10262010_123718

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Bob003 26.10.2010 12:00
Prevx 3.0 for Home and Family,
hat nix gefunden.

Chris4You 26.10.2010 12:22
Hi,

nach wie vor sind die OS-Teile verseucht..
Code:
C:\WINDOWS\System32\dllcache\user32.dll
C:\WINDOWS\system32\winlogon.exe
Habe hier ein passendes Systeme (XP, SP3), werde von zuhause was machen heute Abend (wenn ich dazu komme). Wir werden die zwei Dateien austauschen... (eigentlich nur eine...)..

Lade schon mal das Teil hier runter:
Lade das Programm von hier runter http://www3.telus.net/_/replacer/Replacer.zip
Entpacke das Programm in ein eigenes Verzeichns C:\replacer.

Der Rest folgt dann heute abend!

chris

Chris4You 26.10.2010 18:53
Hi,

so, habe saubere Versionen hier hochgeladen, bitte runterladen und in das Verzeichnis (C:\Replacer) das wir angelegt haben entpacken...
File-Upload.net - WinLogonUser32.zip

In dem Verzeichnis musst Du jetzt die Dateien

user32.dll
winlogon.exe

vorfinden (prüfe das).

Als erstes löschen wir das Verzeichnis:
C:\WINDOWS\System32\dllcache
und damit die defekte user32.dll.

Nach dem Start plazierst Du per Drag-and-Drop aus dem Explorer heraus
die Datei die ersetzt werde soll in das Fenster vom Replacer,
der Pfad mit Datei wird zur Sicherheit angezeigt,mit Return weiter.
Im nächsten Schritt wirst Du aufgefordert die neue Datei per
Drag-and-Drop in das Fenster zu übergeben, auch das wird noch mal
angezeigt, mit Return bestätigen.
Es wird nun zur Sicherheit angezeigt, welche Datei durch welche
ersetzt wird. Das mit y bestätigen und nach Abschluß des
Backups (was der Replacer durchführt) q eingeben, dass Fenster
schließt sich, jetzt den Rechner neu starten.

Soweit klar? Keine Fehler jetzt, das System bootet dann nicht mehr!

Also im Explorer zur ersten Datei in das Verzeichnis C:\WINDOWS\system32 navigieren und dort die Datei winlogon.exe per Mouse in das Replacer-Fenster ziehen, fallen lasse. Die Datei wird zur Sicherheit mit Pfadangabe noch mal vom Replacer angezeigt und Return drücken. Jetzt mit dem Explorer zur sauberen Datei in das C:\Replacer-Verzeichnis wechseln und dort mit der Mouse die winlogon.exe in das Replacer-Fenster ziehen und fallen lassen.

Du wirst nun gefragt ob er weitermachen soll, y bestätigen und nach Abschluß des Backups (was der Replacer durchführt) q eingeben, dass Fenster schließt sich, jetzt den Rechner manuell neu starten.

Dann das gleiche wiederholen mit der user32.dll und wieder neu starten.

Damit sollen die Dateien durch saubere ersetzt worden sein...

Dann Cureit updaten und noch mal laufen lassen...

chris

Bob003 27.10.2010 11:19
Code:
Als erstes löschen wir das Verzeichnis:
C:\WINDOWS\System32\dllcache
und damit die defekte user32.dll.
Solch ein Ordner finde ich bei mir nicht,

User32.dll befindet sich :
C:\Windows\System32
C:\Windows\ERDNT/cache
C:\Windows\ServicesPackFiles\i386

Welches davon soll ich löschen?

Chris4You 27.10.2010 12:55
Hi,

davon bitte keine...

Die hier wäre es gewesen:
C:\WINDOWS\System32\dllcache\user32.dll

Tausche auf jeden Fall die winlogon.exe wie beschrieben aus!

chris

Bob003 27.10.2010 21:47
Code:
C:\WINDOWS\System32\dllcache\user32.dll
Ein dllcache ordner sehe ich leider nicht.

Bob003 27.10.2010 21:49
Jetzt habe ich nochmal nachgedacht,ich hatte bei der Ordneroption/Ansicht das häkchen noch drin;)

Nun lege ich mal los damit.

Ich kann übrigens leider nicht immer so rasch antworten weil ich nebenbei noch arbeiten muss,ich sage aber hiermit schon mal DANKE für deine Unterstützung.

Chris4You 28.10.2010 06:23
Hi,

das muss ich auch ;o)...

chris

Bob003 29.10.2010 09:20
So hat alles bestens geklappt.DANKE dir für die ausführlichen anleitungen.

Welches Antiviren Programm kannst du mir denn für die Zunkunft empfehlen,was im hintergrund arbeitet oder ne Firewall?

Chris4You 30.10.2010 15:04
Hi,

Rechner absichern:
Zusätzlich zu Avira und der Windows-Firewall noch Threadfire-free Herunterladen Kostenlos).
Zum Surfen Firefox mit den PlugIns "WOT" (http://filepony.de/?q=WOT) und
"NoScript" (http://filepony.de/download-noscript//)) verwenden,
einen "Guest"-Account (keine Adminrechte! XP: (Schritt 6: Eingeschränkte Rechte für Viren - Schritt für Schritt: Windows XP absichern - CHIP Online,
Vista/Win7: Windows-7-Anleitung: Benutzerkonten anlegen und verwalten - NETZWELT) anlegen.

chris


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:18 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19