Trojaner-Board (https://www.trojaner-board.de/)
Thread: 40 TAN trojaner - selbe symptone wieder bereits beschrieben (https://www.trojaner-board.de/89376-40-tan-trojaner-selbe-symptone-bereits-beschrieben.html)

lekakapo 11.08.2010 16:22

40 TAN trojan - same symptoms as already described
 
Hello,
I apparently have the same trojan that other users have already described.
- 40 TAN request
- ^^ when pressing the key once
In addition, the search fields on Google and most password input fields suddenly look somewhat smaller, and the font has turned rather grey.

Further info: I am using XP and Firefox.

I have already run the OTL scan. Here is the result (OTL logfile):

OTL logfile created on: 11.08.2010 17:02:22 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,00 Mb Total Physical Memory | 134,00 Mb Available Physical Memory | 27,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 9,03 Gb Free Space | 12,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 534,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CompNa
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
PRC - C:\Programme\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\symwsc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Remote Plugins Manager) -- C:\WINDOWS\System32\svshost.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirService) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (SymWSC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GKOTMOUT) -- C:\WINDOWS\System32\gkotmout.hvy File not found
DRV - (catchme) -- C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys File not found
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (V0220Dev) -- C:\WINDOWS\system32\drivers\V0220Dev.sys (Creative Technology Ltd.)
DRV - (V0220Vfx) -- C:\WINDOWS\system32\drivers\V0220Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA )
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\Tosrfec.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (Cdr4vsd) -- C:\WINDOWS\System32\drivers\CDR4VSD.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbuE3\toolbaru.dll (IE Toolbar)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.20 21:35:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.11 10:34:18 | 000,000,000 | ---D | M]
 
[2008.09.10 01:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2007.05.23 22:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9yb2164h.default\extensions
[2010.08.11 14:43:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.04.02 13:12:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.04.02 13:12:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.04.02 13:12:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.04.02 13:12:42 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.04.02 13:12:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.11 15:41:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbuE3\toolbaru.dll (IE Toolbar)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - No CLSID value found.
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - No CLSID value found.
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - No CLSID value found.
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - No CLSID value found.
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - No CLSID value found.
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - No CLSID value found.
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - No CLSID value found.
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Burn4Free Toolbar Helper) - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Programme\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll ()
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - No CLSID value found.
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - No CLSID value found.
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - No CLSID value found.
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - No CLSID value found.
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - No CLSID value found.
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - No CLSID value found.
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - No CLSID value found.
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - No CLSID value found.
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - No CLSID value found.
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - No CLSID value found.
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - No CLSID value found.
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - No CLSID value found.
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - No CLSID value found.
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - No CLSID value found.
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - No CLSID value found.
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbuE3\toolbaru.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbuE3\toolbaru.dll (IE Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CeEKEY] C:\Programme\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CFSServ.exe]  File not found
O4 - HKLM..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [PadTouch] C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Programme\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [{0A6455A2-9632-B24D-593E-0CC0268980F9}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buofo\cizyb.exe (fres)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [Veoh] C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\RunOnce: [FFTI] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9yb2164h.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.225 83.169.186.225 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005.09.12 13:08:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002.09.23 13:00:00 | 000,000,000 | R--D | M] - E:\autorun -- [ CDFS ]
O32 - AutoRun File - [2002.09.23 13:00:00 | 000,053,248 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.09.23 13:00:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{06685abc-569a-11dd-bb5a-000fb0a253be}\Shell\AutoRun\command - "" = F:\nideiect.com -- File not found
O33 - MountPoints2\{06685abc-569a-11dd-bb5a-000fb0a253be}\Shell\explore\Command - "" = F:\nideiect.com -- File not found
O33 - MountPoints2\{06685abc-569a-11dd-bb5a-000fb0a253be}\Shell\open\Command - "" = F:\nideiect.com -- File not found
O33 - MountPoints2\{06685abd-569a-11dd-bb5a-000fb0a253be}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
O33 - MountPoints2\{06685abd-569a-11dd-bb5a-000fb0a253be}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
O33 - MountPoints2\{18d7c885-6dd8-11df-bc34-000fb0a253be}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found
O33 - MountPoints2\{5480ee07-545b-11da-b941-000fb09ed58f}\Shell - "" = AutoRun
O33 - MountPoints2\{5480ee07-545b-11da-b941-000fb09ed58f}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{5480ee07-545b-11da-b941-000fb09ed58f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8cbb855c-2def-11df-bc15-000fb0a253be}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2002.09.23 13:00:00 | 000,053,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 7 Days ==========
 
[2010.08.11 11:04:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.11 10:49:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.08.11 00:27:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\ihnlg(2)
[2010.08.09 12:49:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McPoker
[2010.08.09 12:38:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\McPoker
[2010.08.09 12:38:19 | 000,000,000 | ---D | C] -- C:\Programme\McPoker
[2006.11.15 00:10:03 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2006.11.15 00:10:03 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
 
========== Files - Modified Within 7 Days ==========
 
[2010.08.11 16:34:48 | 000,028,672 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Gesetzliche Grundlagen ne.doc
[2010.08.11 16:32:02 | 000,017,920 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\aufgabenPROJEKT.doc
[2010.08.11 16:27:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.11 16:26:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.11 16:26:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.11 16:26:17 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.11 16:25:22 | 008,912,896 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.08.11 16:25:22 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.08.11 15:59:31 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2010.08.11 15:41:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.08.11 15:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010.08.11 14:25:47 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\~$setzliche Grundlagen.doc
[2010.08.11 10:49:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.08.11 01:23:44 | 000,026,624 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Gesetzliche Grundlagen.doc
[2010.08.09 13:27:33 | 000,000,035 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\WUPDATE.INI
[2010.08.09 12:38:36 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\McPoker.lnk
[2010.08.09 12:37:58 | 004,998,168 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\McPokerSetup.exe
[2010.08.06 18:14:21 | 009,830,454 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\dino500.bmp
 
========== Files Created - No Company Name ==========
 
[2010.08.11 16:34:48 | 000,028,672 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Gesetzliche Grundlagen ne.doc
[2010.08.11 16:32:01 | 000,017,920 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\aufgabenPROJEKT.doc
[2010.08.11 16:00:07 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_disable.log
[2010.08.11 15:59:31 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2010.08.11 14:25:47 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\~$setzliche Grundlagen.doc
[2010.08.10 14:35:14 | 000,026,624 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Gesetzliche Grundlagen.doc
[2010.08.09 12:45:02 | 000,000,035 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\WUPDATE.INI
[2010.08.09 12:38:36 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\McPoker.lnk
[2010.08.09 12:37:12 | 004,998,168 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\McPokerSetup.exe
[2010.08.06 18:14:11 | 009,830,454 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\dino500.bmp
[2008.09.01 08:43:51 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007.10.28 14:55:03 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2007.10.23 13:43:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007.10.23 13:43:12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007.06.18 22:52:49 | 000,000,148 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2007.01.06 21:01:33 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007.01.06 21:01:33 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007.01.06 21:01:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007.01.06 21:01:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007.01.06 21:01:26 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007.01.06 21:01:26 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007.01.06 21:01:25 | 000,009,013 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2007.01.06 21:00:55 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006.11.28 13:23:25 | 000,224,768 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2006.11.23 13:44:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2006.11.06 03:29:45 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.10.18 13:29:22 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\performent202.dll
[2006.10.18 13:29:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\win32hp.dll
[2006.10.18 13:29:17 | 000,012,544 | ---- | C] () -- C:\WINDOWS\spp3.dll
[2006.10.18 13:29:05 | 000,030,208 | ---- | C] () -- C:\WINDOWS\inetdctr.dll
[2006.09.21 22:06:32 | 000,000,433 | ---- | C] () -- C:\WINDOWS\mp3wavsolutions.INI
[2006.06.20 13:07:03 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ppengine.ini
[2005.12.02 09:44:29 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2005.11.20 19:17:20 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2005.11.20 19:17:20 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2005.11.20 19:17:20 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2005.11.20 19:17:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\uno.ini
[2005.11.20 19:16:11 | 000,002,423 | ---- | C] () -- C:\WINDOWS\tonlinst.ini
[2005.11.20 19:15:58 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2005.11.13 14:56:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005.09.15 09:34:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.09.15 09:17:04 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2005.09.15 08:02:27 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.09.14 16:24:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005.09.14 16:24:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.09.14 16:24:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.09.14 16:24:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.09.14 16:24:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.09.14 16:24:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.09.14 16:24:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.09.14 16:16:49 | 000,051,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.09.14 16:16:49 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.09.14 15:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2005.09.14 15:28:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005.09.14 11:36:50 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.09.14 11:35:11 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005.09.14 11:35:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005.09.14 11:35:11 | 000,010,161 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005.09.14 11:35:11 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005.09.12 13:17:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.09.12 11:36:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2005.09.12 11:36:46 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.08.11 04:02:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.08.02 10:39:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005.06.20 10:24:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005.06.13 09:11:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005.06.06 09:44:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005.06.06 09:39:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004.12.02 15:20:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004.09.22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.08.22 18:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.04.04 19:48:35 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2004.04.04 19:45:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4800EFGIPSD.ini
[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004.01.14 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003.07.29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003.07.16 13:09:31 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
< End of report >

--- --- ---


Many thanks in advance :) best regards, Lekakapo

markusg 11.08.2010 16:43

Double-click OTL.exe
(Windows 7 and Vista users: right-click and choose "Run as administrator")
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy the following into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Post the contents of OTL.txt

lekakapo 12.08.2010 09:51

Thanks for the reply. Here is the OTL logfile:
OTL Logfile:
Code:

OTL logfile created on: 12.08.2010 10:29:08 - Run 4
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,00 Mb Total Physical Memory | 174,00 Mb Available Physical Memory | 35,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 8,90 Gb Free Space | 11,94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 534,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PARKER
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
PRC - C:\Programme\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\symwsc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Remote Plugins Manager) -- C:\WINDOWS\System32\svshost.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirService) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (SymWSC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GKOTMOUT) -- C:\WINDOWS\System32\gkotmout.hvy File not found
DRV - (catchme) -- C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys File not found
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (V0220Dev) -- C:\WINDOWS\system32\drivers\V0220Dev.sys (Creative Technology Ltd.)
DRV - (V0220Vfx) -- C:\WINDOWS\system32\drivers\V0220Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA )
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\Tosrfec.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (Cdr4vsd) -- C:\WINDOWS\System32\drivers\CDR4VSD.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ICQ.com Suche
IE - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbuE3\toolbaru.dll (IE Toolbar)
IE - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.20 21:35:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.11 10:34:18 | 000,000,000 | ---D | M]
 
[2008.09.10 01:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2007.05.23 22:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9yb2164h.default\extensions
[2010.08.11 14:43:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.04.02 13:12:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.04.02 13:12:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.04.02 13:12:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.04.02 13:12:42 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.04.02 13:12:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.11 15:41:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbuE3\toolbaru.dll (IE Toolbar)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - No CLSID value found.
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - No CLSID value found.
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - No CLSID value found.
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - No CLSID value found.
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - No CLSID value found.
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - No CLSID value found.
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - No CLSID value found.
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Burn4Free Toolbar Helper) - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Programme\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll ()
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - No CLSID value found.
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - No CLSID value found.
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - No CLSID value found.
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - No CLSID value found.
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - No CLSID value found.
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - No CLSID value found.
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - No CLSID value found.
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - No CLSID value found.
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - No CLSID value found.
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - No CLSID value found.
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - No CLSID value found.
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - No CLSID value found.
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - No CLSID value found.
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - No CLSID value found.
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - No CLSID value found.
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbuE3\toolbaru.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\..\Toolbar\ShellBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\..\Toolbar\ShellBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbuE3\toolbaru.dll (IE Toolbar)
O3 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CeEKEY] C:\Programme\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CFSServ.exe]  File not found
O4 - HKLM..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [PadTouch] C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Programme\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006..\Run: [{0A6455A2-9632-B24D-593E-0CC0268980F9}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buofo\cizyb.exe (fres)
O4 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe File not found
O4 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006..\Run: [Veoh] C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006..\RunOnce: [FFTI] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9yb2164h.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.225 83.169.186.225 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005.09.12 13:08:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002.09.23 13:00:00 | 000,000,000 | R--D | M] - E:\autorun -- [ CDFS ]
O32 - AutoRun File - [2002.09.23 13:00:00 | 000,053,248 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.09.23 13:00:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{06685abc-569a-11dd-bb5a-000fb0a253be}\Shell\AutoRun\command - "" = F:\nideiect.com -- File not found
O33 - MountPoints2\{06685abc-569a-11dd-bb5a-000fb0a253be}\Shell\explore\Command - "" = F:\nideiect.com -- File not found
O33 - MountPoints2\{06685abc-569a-11dd-bb5a-000fb0a253be}\Shell\open\Command - "" = F:\nideiect.com -- File not found
O33 - MountPoints2\{06685abd-569a-11dd-bb5a-000fb0a253be}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
O33 - MountPoints2\{06685abd-569a-11dd-bb5a-000fb0a253be}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
O33 - MountPoints2\{18d7c885-6dd8-11df-bc34-000fb0a253be}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found
O33 - MountPoints2\{5480ee07-545b-11da-b941-000fb09ed58f}\Shell - "" = AutoRun
O33 - MountPoints2\{5480ee07-545b-11da-b941-000fb09ed58f}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{5480ee07-545b-11da-b941-000fb09ed58f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8cbb855c-2def-11df-bc15-000fb0a253be}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2002.09.23 13:00:00 | 000,053,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^antispysoldier.lnk - C:\Programme\Antispyware Soldier\antispysoldier.exe - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Microsoft Office OneNote 2003 Schnellstart.lnk - C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OpenOffice.org 2.3.lnk - C:\Programme\OpenOffice.org 2.3\program\quickstart.exe - ()
MsConfig - StartUpReg: ANIWZCS2Service - hkey= - key= - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
MsConfig - StartUpReg: C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Creative Live! Cam Manager - hkey= - key= - C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: D-Link AirPlus G - hkey= - key= - C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link)
MsConfig - StartUpReg: DAEMON Tools-1033 - hkey= - key= - C:\Programme\D-Tools\daemon.exe (DAEMON'S HOME)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
MsConfig - StartUpReg: igfxtray - hkey= - key= -  File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NDSTray.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Steam - hkey= - key= - c:\programme\valve\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: TCtryIOHook - hkey= - key= -  File not found
MsConfig - StartUpReg: TFncKy - hkey= - key= -  File not found
MsConfig - StartUpReg: TPSMain - hkey= - key= -  File not found
MsConfig - StartUpReg: V0220Mon.exe - hkey= - key= - C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: Zooming - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58278930930466816)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.12 10:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.08.11 17:51:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera
[2010.08.11 17:51:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2010.08.11 17:50:41 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.08.11 17:47:17 | 013,336,312 | ---- | C] (Opera Software ASA) -- C:\Dokumente und Einstellungen\***\Desktop\Opera_1060_int_Setup.exe
[2010.08.11 11:04:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.11 10:49:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.08.11 00:27:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\ihnlg(2)
[2010.08.09 12:49:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McPoker
[2010.08.09 12:38:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\McPoker
[2010.08.09 12:38:19 | 000,000,000 | ---D | C] -- C:\Programme\McPoker
[2010.08.03 22:58:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\neue musi zum kosten
[2010.08.03 16:23:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Audio_DZ_10_31
[2010.07.28 19:45:47 | 000,000,000 | ---D | C] -- C:\Programme\PKR
[2010.07.22 13:00:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Neuer Ordner
[2010.07.21 09:11:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bueb
[2010.07.14 19:10:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\sprache
[2010.07.14 01:55:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2006.11.15 00:10:03 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2006.11.15 00:10:03 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.12 10:22:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.12 10:22:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.12 10:21:56 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.12 10:21:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.11 21:27:55 | 008,912,896 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.08.11 21:27:55 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.08.11 19:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010.08.11 17:50:53 | 000,000,588 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
[2010.08.11 17:47:21 | 013,336,312 | ---- | M] (Opera Software ASA) -- C:\Dokumente und Einstellungen\***\Desktop\Opera_1060_int_Setup.exe
[2010.08.11 17:32:55 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ufpbrp6c.exe
[2010.08.11 16:34:48 | 000,028,672 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Gesetzliche Grundlagen ne.doc
[2010.08.11 16:32:02 | 000,017,920 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\aufgabenPROJEKT.doc
[2010.08.11 15:59:31 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2010.08.11 15:41:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.08.11 14:25:47 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\~$setzliche Grundlagen.doc
[2010.08.11 10:49:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.08.11 01:23:44 | 000,026,624 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Gesetzliche Grundlagen.doc
[2010.08.09 13:27:33 | 000,000,035 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\WUPDATE.INI
[2010.08.09 12:38:36 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\McPoker.lnk
[2010.08.09 12:37:58 | 004,998,168 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\McPokerSetup.exe
[2010.08.06 18:14:21 | 009,830,454 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\dino500.bmp
[2010.08.03 16:22:32 | 092,529,980 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Audio_DZ_10_31.rar
[2010.08.03 08:36:20 | 000,238,632 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Linie 9 Thekla.pdf
[2010.08.03 01:19:42 | 173,098,080 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Allesumsonst.part1.rar
[2010.08.02 22:17:19 | 003,489,836 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\07-07. Der Kinn-Nasen-Prof.mp3
[2010.08.02 17:16:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.08.02 17:16:45 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.08.02 16:54:57 | 002,648,812 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\walkem.pdf
[2010.08.02 16:53:53 | 000,010,752 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Mündliche Modulprüfungen Master.doc
[2010.07.30 20:53:28 | 000,010,752 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\MuendlicheModulpruefungenMaster.doc
[2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.07.23 21:43:21 | 000,043,008 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Gutachten V.doc
[2010.07.20 23:31:16 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.14 03:09:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 
========== Files Created - No Company Name ==========
 
[2010.08.11 17:50:53 | 000,000,588 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
[2010.08.11 17:32:54 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ufpbrp6c.exe
[2010.08.11 16:34:48 | 000,028,672 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Gesetzliche Grundlagen ne.doc
[2010.08.11 16:32:01 | 000,017,920 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\aufgabenPROJEKT.doc
[2010.08.11 16:00:07 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_disable.log
[2010.08.11 15:59:31 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2010.08.11 14:25:47 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\~$setzliche Grundlagen.doc
[2010.08.10 14:35:14 | 000,026,624 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Gesetzliche Grundlagen.doc
[2010.08.09 12:45:02 | 000,000,035 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\WUPDATE.INI
[2010.08.09 12:38:36 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\McPoker.lnk
[2010.08.09 12:37:12 | 004,998,168 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\McPokerSetup.exe
[2010.08.06 18:14:11 | 009,830,454 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\dino500.bmp
[2010.08.03 16:14:37 | 092,529,980 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Audio_DZ_10_31.rar
[2010.08.03 08:36:19 | 000,238,632 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Linie 9 Thekla.pdf
[2010.08.03 00:48:46 | 173,098,080 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Allesumsonst.part1.rar
[2010.08.02 22:17:01 | 003,489,836 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\07-07. Der Kinn-Nasen-Prof.mp3
[2010.08.02 17:16:45 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.08.02 17:16:45 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.08.02 16:54:56 | 002,648,812 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\walkem.pdf
[2010.08.02 16:53:52 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Mündliche Modulprüfungen Master.doc
[2010.07.30 20:53:27 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\MuendlicheModulpruefungenMaster.doc
[2010.07.22 19:49:11 | 000,043,008 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Gutachten V.doc
[2008.09.01 08:43:51 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007.10.28 14:55:03 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2007.10.23 13:43:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007.10.23 13:43:12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007.06.18 22:52:49 | 000,000,148 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2007.01.06 21:01:33 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007.01.06 21:01:33 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007.01.06 21:01:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007.01.06 21:01:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007.01.06 21:01:26 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007.01.06 21:01:26 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007.01.06 21:01:25 | 000,009,013 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2007.01.06 21:00:55 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006.11.28 13:23:25 | 000,224,768 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2006.11.23 13:44:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2006.11.06 03:29:45 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.10.18 13:29:22 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\performent202.dll
[2006.10.18 13:29:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\win32hp.dll
[2006.10.18 13:29:17 | 000,012,544 | ---- | C] () -- C:\WINDOWS\spp3.dll
[2006.10.18 13:29:05 | 000,030,208 | ---- | C] () -- C:\WINDOWS\inetdctr.dll
[2006.09.21 22:06:32 | 000,000,433 | ---- | C] () -- C:\WINDOWS\mp3wavsolutions.INI
[2006.06.20 13:07:03 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ppengine.ini
[2005.12.02 09:44:29 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2005.11.20 19:17:20 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2005.11.20 19:17:20 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2005.11.20 19:17:20 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2005.11.20 19:17:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\uno.ini
[2005.11.20 19:16:11 | 000,002,423 | ---- | C] () -- C:\WINDOWS\tonlinst.ini
[2005.11.20 19:15:58 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2005.11.13 14:56:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005.09.15 09:34:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.09.15 09:17:04 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2005.09.15 08:02:27 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.09.14 16:24:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005.09.14 16:24:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.09.14 16:24:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.09.14 16:24:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.09.14 16:24:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.09.14 16:24:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.09.14 16:24:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.09.14 16:16:49 | 000,051,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.09.14 16:16:49 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.09.14 15:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2005.09.14 15:28:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005.09.14 11:36:50 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.09.14 11:35:11 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005.09.14 11:35:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005.09.14 11:35:11 | 000,010,161 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005.09.14 11:35:11 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005.09.12 13:17:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.09.12 11:36:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2005.09.12 11:36:46 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.08.11 04:02:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.08.02 10:39:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005.06.20 10:24:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005.06.13 09:11:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005.06.06 09:44:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005.06.06 09:39:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004.12.02 15:20:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004.09.22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.08.22 18:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.04.04 19:48:35 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2004.04.04 19:45:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4800EFGIPSD.ini
[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004.01.14 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003.07.29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003.07.16 13:09:31 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
 
========== LOP Check ==========
 
[2005.09.14 16:34:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\toshiba
[2006.12.20 21:42:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
[2010.08.09 12:49:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McPoker
[2006.10.26 21:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2004.04.04 19:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2005.09.14 16:34:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\toshiba
[2008.03.13 14:03:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BitTorrent DNA
[2010.08.12 10:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bueb
[2008.06.20 10:26:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buofo
[2007.10.12 23:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2010.08.12 10:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DNA
[2004.04.04 20:14:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON
[2010.06.03 16:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2008.07.04 13:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2008.06.08 19:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ Toolbar
[2005.11.12 23:51:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2005.11.04 23:50:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2008.12.06 16:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2006.09.11 23:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nokia Multimedia Player
[2010.08.11 17:51:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2007.05.06 23:30:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Steinberg
[2006.10.26 21:55:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\T-DSL SpeedManager
[2007.06.14 22:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template
[2007.01.14 19:24:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\toshiba
[2005.11.04 18:56:59 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 2.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.03.18 22:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
[2005.11.05 15:37:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM
[2008.03.13 14:03:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BitTorrent DNA
[2007.01.06 22:19:35 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Brother
[2010.08.12 10:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bueb
[2008.06.20 10:26:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buofo
[2007.10.12 23:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2007.05.23 19:53:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Creative
[2006.11.15 00:30:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CyberLink
[2010.08.12 10:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DNA
[2004.04.04 20:14:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON
[2007.07.03 21:24:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Google
[2010.06.03 16:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2006.10.02 18:18:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help
[2008.07.04 13:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2008.06.08 19:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ Toolbar
[2005.11.12 23:51:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2005.09.12 13:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities
[2005.11.04 23:50:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2008.12.06 16:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2007.11.04 18:40:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia
[2008.08.30 06:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2007.06.21 17:42:20 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
[2008.09.10 01:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2006.09.11 23:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nokia Multimedia Player
[2010.07.15 00:11:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org2
[2010.08.11 17:51:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2007.10.12 23:32:11 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM
[2010.08.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
[2005.09.14 16:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sonic
[2007.05.06 23:30:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Steinberg
[2005.11.20 20:27:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2005.11.22 12:33:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Symantec
[2006.10.26 21:55:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\T-DSL SpeedManager
[2007.04.20 14:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\teamspeak2
[2007.06.14 22:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template
[2007.01.14 19:24:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\toshiba
[2007.01.10 13:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2007.06.25 20:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2008.06.20 10:26:42 | 000,133,632 | ---- | M] (fres) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buofo\cizyb.exe
[2006.10.04 18:14:50 | 000,015,872 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
[2005.09.14 16:37:28 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{C45F4811-31D5-4786-801D-F79CD06EDD85}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.09.29 22:09:48 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.09.29 22:09:48 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.09.29 22:09:48 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.09.29 22:09:48 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.09.12 14:58:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.09.12 14:58:43 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.09.12 14:58:43 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >

--- --- ---


Regards, Lekakapo

markusg 12.08.2010 10:06

• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator".
• Now copy the following into the text box.

:OTL
O4 - HKU\S-1-5-21-4070166686-3657432434-1460335447-1006..\Run: [{0A6455A2-9632-B24D-593E-0CC0268980F9}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buofo\cizyb.exe
(fres)
[2010.07.21 09:11:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bueb
[2010.08.12 10:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bueb
[2008.06.20 10:26:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buofo
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; please post it.

lekakapo 12.08.2010 10:26

Thanks for the help! The search boxes already look normal again, and the ^^ symptom has disappeared too :)

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4070166686-3657432434-1460335447-1006\Software\Microsoft\Windows\CurrentVersion\Run\\{0A6455A2-9632-B24D-593E-0CC0268980F9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A6455A2-9632-B24D-593E-0CC0268980F9}\ not found.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buofo\cizyb.exe moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bueb folder moved successfully.
Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bueb\ not found.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buofo folder moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: ***
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3755893 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08122010_111725

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

markusg 12.08.2010 10:30

Open My Computer, open C:
Right-click _OTL and choose "add to _OTL.rar" or "add to _OTL.zip".
Upload this archive to us:
http://www.trojaner-board.de/54791-a...ner-board.html
as described under point 2; let me know when that is done.

lekakapo 12.08.2010 10:43

Done :)

markusg 12.08.2010 11:14

OK, received :-)
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

lekakapo 12.08.2010 13:46

Hello,

A quick question in between. The scan has now been running for about 2 hours. So far neither has the clock been changed nor has any stage been completed, but the _ is still blinking. Although I disabled Avira, a warning message appeared before the start. Could that be the reason for the long scan time, or should I just be patient a little longer? By the way, I am writing from another PC and leaving the patient undisturbed.

Regards, Lekakapo

markusg 12.08.2010 13:48

No, cancel it.
Then boot into Safe Mode, which should be the F8 key at system start, and please try again.

lekakapo 12.08.2010 14:54

Although I have even uninstalled Avira Antivirus, a warning message appears when starting the program:

CombFix hat festgestellt, dass folgende Real Time Scanner aktiv sind:

antivirus: Avira AntiVir PersonalEdition Classic
antivirus: Avira AntiVir PersonalEdition Classic
antivirus: Avira AntiVir PersonalEdition Classic
antivirus: Avira AntiVir PersonalEdition Classic
antivirus: Avira AntiVir PersonalEdition Classic
antivirus: Avira AntiVir PersonalEdition Classic
antivirus: Avira AntiVir PersonalEdition Classic

Antivirus und Eindringling Schutzprogramme sind dafür bekannt, dass sie die Arbeit....(usw)

Should I try it anyway?

lekakapo 12.08.2010 14:55

Of course I meant a warning message :)

markusg 12.08.2010 15:04

Yes, you can just continue.

lekakapo 12.08.2010 15:23

So here is the log:

Combofix Logfile:
Code:

ComboFix 10-08-11.05 - *** 12.08.2010  16:00:34.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.502.306 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {804E5368-FFA4-00EC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {804E5358-FFA4-00EC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BADB0D00-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {FFFFFFFF-FFA4-00C8-0D24-347CA8A3377C}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\***\Anwendungsdaten\Buofo\cizyb.exe
c:\windows\daemon.dll
c:\windows\system32\msmsn.exe
c:\windows\wc98pp.dll

c:\windows\system32\mshearts.exe . . . ist infiziert!!

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


(((((((((((((((((((((((  Dateien erstellt von 2010-07-12 bis 2010-08-12  ))))))))))))))))))))))))))))))
.

2010-08-11 15:51 . 2010-08-11 15:51        --------        d-----w-        c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera
2010-08-11 15:50 . 2010-08-11 15:50        --------        d-----w-        c:\programme\Opera
2010-08-11 09:04 . 2010-08-11 09:04        --------        d-----w-        C:\_OTL
2010-08-09 10:49 . 2010-08-09 10:49        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\McPoker
2010-08-09 10:38 . 2010-08-09 10:38        --------        d-----w-        c:\programme\McPoker
2010-07-28 17:45 . 2010-08-05 13:11        --------        d-----w-        c:\programme\PKR
2010-07-13 23:55 . 2010-06-14 14:31        744448        -c----w-        c:\windows\system32\dllcache\helpsvc.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 14:11 . 2008-03-13 12:03        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\DNA
2010-08-12 14:11 . 2008-03-13 12:03        --------        d-----w-        c:\programme\DNA
2010-08-12 13:19 . 2007-04-16 18:13        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Skype
2010-08-11 15:48 . 2009-06-15 17:15        --------        d-----w-        c:\programme\PokerStars
2010-07-14 22:11 . 2007-12-29 14:25        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\OpenOffice.org2
2010-07-14 21:20 . 2007-12-29 14:27        1        ----a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-06-14 14:31 . 2005-09-12 11:05        744448        ----a-w-        c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "c:\programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2007-05-13 61440]

[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="c:\programme\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 3537968]
"TOSCDSPD"="c:\programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2007-06-08 23233576]
"BitTorrent DNA"="c:\programme\DNA\btdna.exe" [2009-10-19 323392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"Tvs"="c:\programme\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"TPNF"="c:\programme\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 53248]
"SVPWUTIL"="c:\programme\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2005-05-13 118784]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-09-28 98304]
"PadTouch"="c:\programme\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077328]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"HWSetup"="c:\programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"CeEKEY"="c:\programme\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 671744]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2004-03-24 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 88358]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders        msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^antispysoldier.lnk]
path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\antispysoldier.lnk
backup=c:\windows\pss\antispysoldier.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Microsoft Office OneNote 2003 Schnellstart.lnk]
path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\Microsoft Office OneNote 2003 Schnellstart.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Schnellstart.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OpenOffice.org 2.3.lnk]
path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2005-10-19 17:19        49152        ----a-w-        c:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\V0220Cvw.dll]
2006-05-23 17:00        245760        ----a-r-        c:\windows\system32\V0220Cvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2006-05-31 14:00        143360        ------w-        c:\programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
2005-11-23 14:04        1544192        ----a-w-        c:\programme\D-Link\AirPlus G\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05        81920        ----a-w-        c:\programme\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2008-09-01 15:08        173304        ----a-w-        c:\programme\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-07-19 18:09        94208        ----a-w-        c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22        1695232        ------w-        c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-05 11:29        1217872        ----a-w-        c:\programme\Valve\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
2005-08-22 14:49        28672        ----a-w-        c:\windows\system32\TCtrlIOHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-08-12 09:34        266240        ----a-w-        c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0220Mon.exe]
2006-06-28 17:01        32768        ----a-r-        c:\windows\V0220Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
2005-06-06 07:58        24576        ----a-w-        c:\windows\system32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\LimeWire\\LimeWire.exe"=
"c:\\Programme\\SightSpeed\\SightSpeed.exe"=

[HKLM\~\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List"=]
"c:\\Programme\\BitTorrent_DNA\\dna.exe"=
"c:\\Programme\\DNA\\btdna.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\Programme\\Java\\jre1.5.0_03\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Zattoo\\zattood.exe"=
"c:\\Programme\\Zattoo\\Zattoo1.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Warcraft III an Sixpack\\Warcraft III.exe"=
"c:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15.11.2006 00:10 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15.11.2006 00:10 5248]
S0 Cdr4vsd;Cdr4vsd;c:\windows\system32\drivers\CDR4VSD.SYS [20.06.2006 13:05 60688]
S2 GKOTMOUT;GKOTMOUT;\??\c:\windows\system32\gkotmout.hvy --> c:\windows\system32\gkotmout.hvy [?]
S2 Remote Plugins Manager;Remote Plugins Manager;"c:\windows\system32\svshost.exe" --> c:\windows\system32\svshost.exe [?]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [23.05.2007 19:57 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [23.05.2007 19:57 6272]
.
Inhalt des "geplante Tasks" Ordners

2005-11-04 c:\windows\Tasks\Registrierungserinnerung 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-09-12 02:22]

2010-08-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2005-09-15 13:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programme\PartyGaming\PartyCasino\RunApp.exe
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9yb2164h.default\
FF - plugin: c:\programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-{0A6455A2-9632-B24D-593E-0CC0268980F9} - c:\dokumente und einstellungen\***\Anwendungsdaten\Buofo\cizyb.exe
HKCU-RunOnce-FFTI - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9yb2164h.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-TFncKy - TFncKy.exe
AddRemove-DCXtended .9 - c:\programme\EA GAMES\Battlefield 1942\Mods\DC_Extended\uninstall.exe
AddRemove-UnrealTournament - c:\unrealtournament\System\Setup.exe
AddRemove-WChat - c:\westwood\WWONLINE\UNINSTWC.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-12 16:11
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82CE4648]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf865df28
\Driver\ACPI -> ACPI.sys @ 0xf8589cb8
\Driver\atapi -> 0x82ce4648
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf8402bd4
 PacketIndicateHandler -> NDIS.sys @ 0xf83f0a0d
 SendHandler -> NDIS.sys @ 0xf8404b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GKOTMOUT]
"ImagePath"="\??\c:\windows\system32\gkotmout.hvy"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-4070166686-3657432434-1460335447-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Kundendienst]
"Order"=hex:08,00,00,00,02,00,00,00,b8,02,00,00,01,00,00,00,04,00,00,00,de,00,
  00,00,00,00,00,00,d0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,be,00,32,\

[HKEY_USERS\S-1-5-21-4070166686-3657432434-1460335447-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Kundendienst]
"Order"=hex:08,00,00,00,02,00,00,00,b8,02,00,00,01,00,00,00,04,00,00,00,de,00,
  00,00,00,00,00,00,d0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,be,00,32,\

[HKEY_USERS\S-1-5-21-4070166686-3657432434-1460335447-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,81,71,a8,c4,ad,db,f8,b9,c7,be,50,b6,88,98,b8,68,98,19,34,5b,c1,c1,
  03,6a,1d,45,92,03,72,c1,de,3d,a1,66,3a,8e,82,41,d4,d2,49,9f,38,dd,04,fd,86,\
"??"=hex:c1,cc,17,a2,ad,b6,94,bc,ee,8b,88,c6,5d,d6,24,be

[HKEY_USERS\S-1-5-21-4070166686-3657432434-1460335447-1006\Software\SecuROM\License information*]
"datasecu"=hex:55,ee,09,6f,e0,47,19,65,34,55,40,aa,8f,fb,69,14,7a,06,d2,79,0e,
  84,7d,6d,ff,2d,a6,09,29,44,8d,73,81,7a,8b,4b,e6,ad,10,de,3f,4f,79,df,5d,93,\
"rkeysecu"=hex:5f,3a,02,12,52,33,e2,55,2b,0c,6c,af,70,82,81,53
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(3372)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\brss01a.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\programme\Apoint2K\Apntex.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-12  16:17:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-12 14:17

Vor Suchlauf: 9.444.732.928 Bytes frei
Nach Suchlauf: 9.335.287.808 Bytes frei

- - End Of File - - 470530A9038693C2C708E6E9883FCF02

--- --- ---

markusg 12.08.2010 15:28

Can you check the following file on
VirusTotal - Free Online Virus, Malware and URL Scanner
for me?
c:\windows\system32\mshearts.exe
If the file has already been analysed, click Reanalyse; please post the result.

lekakapo 12.08.2010 15:43

Here is the result:

File name:
mshearts.exe
Submission date:
2010-08-12 14:35:02 (UTC)
Current status:
queued (#66) queued (#67) analysing finished
Result:
0/ 42 (0.0%)


Antivirus Version Last Update Result
AhnLab-V3 2010.08.12.00 2010.08.11 -
AntiVir 8.2.4.34 2010.08.12 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.12 -
Avast 4.8.1351.0 2010.08.12 -
Avast5 5.0.332.0 2010.08.12 -
AVG 9.0.0.851 2010.08.12 -
BitDefender 7.2 2010.08.12 -
CAT-QuickHeal 11.00 2010.08.12 -
ClamAV 0.96.0.3-git 2010.08.12 -
Comodo 5715 2010.08.12 -
DrWeb 5.0.2.03300 2010.08.12 -
Emsisoft 5.0.0.37 2010.08.12 -
eSafe 7.0.17.0 2010.08.11 -
eTrust-Vet 36.1.7785 2010.08.12 -
F-Prot 4.6.1.107 2010.08.12 -
F-Secure 9.0.15370.0 2010.08.12 -
Fortinet 4.1.143.0 2010.08.12 -
GData 21 2010.08.12 -
Ikarus T3.1.1.88.0 2010.08.12 -
Jiangmin 13.0.900 2010.08.12 -
Kaspersky 7.0.0.125 2010.08.12 -
McAfee 5.400.0.1158 2010.08.12 -
McAfee-GW-Edition 2010.1 2010.08.12 -
Microsoft 1.6004 2010.08.12 -
NOD32 5361 2010.08.12 -
Norman 6.05.11 2010.08.12 -
nProtect 2010-08-12.03 2010.08.12 -
Panda 10.0.2.7 2010.08.12 -
PCTools 7.0.3.5 2010.08.12 -
Prevx 3.0 2010.08.12 -
Rising 22.60.03.04 2010.08.12 -
Sophos 4.56.0 2010.08.12 -
Sunbelt 6722 2010.08.12 -
SUPERAntiSpyware 4.40.0.1006 2010.08.12 -
Symantec 20101.1.1.7 2010.08.12 -
TheHacker 6.5.2.1.343 2010.08.11 -
TrendMicro 9.120.0.1004 2010.08.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.12 -
VBA32 3.12.14.0 2010.08.11 -
ViRobot 2010.8.9.3978 2010.08.12 -
VirusBuster 5.0.27.0 2010.08.12 -
Additional information
MD5 : c91c6b79896824f1c3d615e4ad06fccb
SHA1 : cc061c32cd39dbde4ee7316a08c158410eaee44f
SHA256: 091b4ac271c881fddd410fa066fa1f7cee9622e51e3959ef2941a8c05274142f
ssdeep: 3072:Jwvi4RRZdyw6PmjeJKyS+tX1RAraPNC8884NJH:sFERHKv+tX1
File size : 135680 bytes
First seen: 2010-08-12 14:35:02
Last seen : 2010-08-12 14:35:02
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Alle Rechte vorbehalten.
product......: Betriebssystem Microsoft_ Windows_
description..: Das Microsoft-Netzwerk mit Herz
original name: MSHEARTS.EXE
internal name: MSHEARTS
file version.: 5.1.2600.0 (xpclient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xAA30
timedatestamp....: 0x3B7D847A (Fri Aug 17 20:54:18 2001)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBEB4, 0xC000, 6.14, 57195ac518d6af9a1f6ab3371e4a9ec7
.data, 0xD000, 0x750, 0x400, 3.66, 14e3e6aae88289d5a732ef6c80345a7f
.rsrc, 0xE000, 0x13000, 0x12C00, 5.87, 18c386052387bbfcb4cf25452f1f6135

[[ 8 import(s) ]]
MFC42u.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
msvcrt.dll: rand, qsort, _errno, _c_exit, _exit, _XcptFilter, _cexit, exit, _wcmdln, __wgetmainargs, time, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __1type_info@@UAE@XZ, __dllonexit, _onexit, _terminate@@YAXXZ, _controlfp, _except_handler3, srand, _initterm, _wtoi, wcscmp, _purecall, __CxxFrameHandler
ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegCreateKeyW, RegQueryValueExW, RegSetValueExW, RegFlushKey, RegDeleteValueW
KERNEL32.dll: lstrcpyW, GetStartupInfoW, GetModuleHandleA, lstrcmpiW, FindResourceW, LoadResource, LockResource, SetErrorMode, lstrlenW, FreeLibrary, LoadLibraryW, GetProcAddress, LoadLibraryA, WinExec
GDI32.dll: CombineRgn, GetTextExtentPoint32W, GetTextMetricsW, GetDeviceCaps, CreateSolidBrush, UnrealizeObject, PatBlt, CreateFontW, SetLayout, SetPixel, GetPixel, BitBlt, CreateCompatibleBitmap, CreateRectRgn, SetRectRgn, CreateICW, CreateCompatibleDC
USER32.dll: MessageBeep, DdeGetLastError, IntersectRect, SystemParametersInfoW, GetSystemMetrics, GetDesktopWindow, UpdateWindow, GetMenu, EnableMenuItem, CheckMenuItem, FillRect, KillTimer, GetProcessDefaultLayout, SetTimer, InvalidateRect, LoadIconW, wsprintfW, EnableWindow, SendMessageW, GetParent, ClientToScreen, GetClientRect, SetRect, PostMessageW, DdeCreateDataHandle, DdeCreateStringHandleW, DdeFreeStringHandle, DdeGetData, DdeInitializeW, DdePostAdvise, DdeClientTransaction, DdeUninitialize, DdeNameService, DdeConnect, DdeDisconnect, DrawIcon, DrawTextW, GetWindowRect
SHELL32.dll: ShellAboutW
WINMM.dll: waveOutGetNumDevs, sndPlaySoundW
Symantec reputation:Suspicious.Insight

markusg 12.08.2010 15:47

Use the Kaspersky TDSS Killer.
http://www.trojaner-board.de/82358-t...tml#post640150
and post the result.

lekakapo 12.08.2010 16:13

The result:


2010/08/12 17:07:53.0937 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/12 17:07:53.0937 ================================================================================
2010/08/12 17:07:53.0937 SystemInfo:
2010/08/12 17:07:53.0937
2010/08/12 17:07:53.0937 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/12 17:07:53.0937 Product type: Workstation
2010/08/12 17:07:53.0937 ComputerName: PARKER
2010/08/12 17:07:53.0937 UserName: ***
2010/08/12 17:07:53.0937 Windows directory: C:\WINDOWS
2010/08/12 17:07:53.0937 System windows directory: C:\WINDOWS
2010/08/12 17:07:53.0937 Processor architecture: Intel x86
2010/08/12 17:07:53.0937 Number of processors: 1
2010/08/12 17:07:53.0937 Page size: 0x1000
2010/08/12 17:07:53.0937 Boot type: Normal boot
2010/08/12 17:07:53.0937 ================================================================================
2010/08/12 17:07:54.0203 Initialize success
2010/08/12 17:07:57.0828 ================================================================================
2010/08/12 17:07:57.0828 Scan started
2010/08/12 17:07:57.0828 Mode: Manual;
2010/08/12 17:07:57.0828 ================================================================================
2010/08/12 17:08:00.0937 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/12 17:08:01.0015 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/12 17:08:01.0125 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/12 17:08:01.0250 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/12 17:08:01.0500 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/08/12 17:08:01.0843 ALCXWDM (35045a23957a71ba649740741e69408c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/08/12 17:08:02.0140 ANIO (92defe8a13a7ce457817e3bd464a9ff4) C:\WINDOWS\system32\ANIO.SYS
2010/08/12 17:08:02.0234 ApfiltrService (87ec3fdcaf6c5052e2e72b861dedd3d3) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/08/12 17:08:02.0328 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/12 17:08:02.0500 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/08/12 17:08:02.0562 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/12 17:08:02.0750 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/12 17:08:02.0828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/12 17:08:02.0921 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/12 17:08:03.0000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/12 17:08:03.0078 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2010/08/12 17:08:03.0171 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/12 17:08:03.0312 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/12 17:08:03.0406 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/12 17:08:03.0484 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/12 17:08:03.0578 Cdr4vsd (9fc549cb9099f92f032df52f7a6092d4) C:\WINDOWS\system32\drivers\Cdr4vsd.sys
2010/08/12 17:08:03.0671 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/12 17:08:03.0875 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/12 17:08:03.0968 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/12 17:08:04.0109 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
2010/08/12 17:08:04.0156 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
2010/08/12 17:08:04.0312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/12 17:08:04.0421 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/12 17:08:04.0578 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/12 17:08:04.0671 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/12 17:08:04.0750 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/12 17:08:04.0828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/12 17:08:04.0921 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/08/12 17:08:05.0015 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/08/12 17:08:05.0218 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/12 17:08:05.0296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/12 17:08:05.0359 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/12 17:08:05.0421 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/12 17:08:05.0515 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/12 17:08:05.0593 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/12 17:08:05.0796 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/12 17:08:05.0906 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/12 17:08:05.0968 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/12 17:08:06.0078 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/12 17:08:06.0250 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/12 17:08:06.0484 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/08/12 17:08:06.0609 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/12 17:08:06.0703 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/12 17:08:06.0765 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/12 17:08:06.0953 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/12 17:08:07.0031 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/12 17:08:07.0250 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/12 17:08:07.0312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/12 17:08:07.0421 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/12 17:08:07.0546 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/12 17:08:07.0625 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/12 17:08:07.0703 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/08/12 17:08:07.0781 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\WINDOWS\system32\DRIVERS\k750bus.sys
2010/08/12 17:08:07.0828 k750mdfl (f44521f63c0c00364fa3d59db980de6a) C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
2010/08/12 17:08:07.0890 k750mdm (e93323c3ed5e8923a177740a973c27b2) C:\WINDOWS\system32\DRIVERS\k750mdm.sys
2010/08/12 17:08:08.0015 k750obex (81ca2d57b2c14f76f4ba80846784bb3d) C:\WINDOWS\system32\DRIVERS\k750obex.sys
2010/08/12 17:08:08.0062 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/12 17:08:08.0171 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/12 17:08:08.0281 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/12 17:08:08.0406 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/12 17:08:08.0531 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/12 17:08:08.0625 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/12 17:08:08.0812 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/12 17:08:08.0906 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/12 17:08:09.0000 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/12 17:08:09.0140 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/12 17:08:09.0312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/12 17:08:09.0390 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/12 17:08:09.0421 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/12 17:08:09.0484 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/12 17:08:09.0546 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/12 17:08:09.0593 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/12 17:08:09.0671 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/12 17:08:09.0812 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/12 17:08:09.0937 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/12 17:08:10.0109 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/12 17:08:10.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/12 17:08:10.0234 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/12 17:08:10.0281 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/12 17:08:10.0328 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/12 17:08:10.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/12 17:08:10.0578 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/12 17:08:10.0734 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/12 17:08:10.0828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/12 17:08:10.0968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/12 17:08:11.0078 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/12 17:08:11.0171 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/12 17:08:11.0234 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/12 17:08:11.0312 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/12 17:08:11.0453 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2010/08/12 17:08:11.0531 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/12 17:08:11.0656 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/12 17:08:11.0734 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/12 17:08:11.0828 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/12 17:08:12.0000 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/08/12 17:08:12.0343 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2010/08/12 17:08:12.0453 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/12 17:08:12.0515 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/12 17:08:12.0593 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/12 17:08:12.0734 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/12 17:08:13.0046 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/12 17:08:13.0093 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/12 17:08:13.0171 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/12 17:08:13.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/12 17:08:13.0312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/12 17:08:13.0453 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/12 17:08:13.0578 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/12 17:08:13.0687 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/12 17:08:13.0796 RT73 (cb20f16afdba63707fb971e0922edec1) C:\WINDOWS\system32\DRIVERS\Dr71WU.sys
2010/08/12 17:08:13.0953 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2010/08/12 17:08:14.0125 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/08/12 17:08:14.0218 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/08/12 17:08:14.0296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/12 17:08:14.0359 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/12 17:08:14.0515 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
2010/08/12 17:08:14.0640 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/08/12 17:08:14.0687 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/08/12 17:08:14.0750 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
2010/08/12 17:08:14.0812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/08/12 17:08:14.0859 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
2010/08/12 17:08:15.0046 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
2010/08/12 17:08:15.0171 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/12 17:08:15.0265 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/12 17:08:15.0359 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/12 17:08:15.0468 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/12 17:08:15.0625 SrvcSSIOMngr (79b7af340d55861df1d69e7bac975fcc) C:\WINDOWS\system32\Drivers\SSIoMngr.sys
2010/08/12 17:08:15.0734 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/08/12 17:08:15.0812 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/08/12 17:08:15.0875 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/12 17:08:15.0937 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/12 17:08:15.0984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/12 17:08:16.0265 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/12 17:08:16.0468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/12 17:08:16.0625 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/08/12 17:08:16.0781 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/12 17:08:16.0875 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/12 17:08:16.0921 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/12 17:08:17.0015 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/08/12 17:08:17.0078 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/08/12 17:08:17.0140 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/08/12 17:08:17.0218 tfsndres (6740bd5e6a73a48e896fe80134aeaad5) C:\WINDOWS\system32\dla\tfsndres.sys
2010/08/12 17:08:17.0281 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/08/12 17:08:17.0390 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/08/12 17:08:17.0453 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/08/12 17:08:17.0500 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/08/12 17:08:17.0531 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/08/12 17:08:17.0656 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
2010/08/12 17:08:17.0781 tosrfec (28c252f4311244a07b6dafc1fa0a2b0e) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2010/08/12 17:08:17.0843 TPwSav (f163e994d26c2b17fee748fa84fbdba5) C:\WINDOWS\system32\Drivers\TPwSav.sys
2010/08/12 17:08:17.0921 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/08/12 17:08:18.0062 Tvs (925b851b10eefece7ed6b9a1c8873135) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2010/08/12 17:08:18.0218 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/12 17:08:18.0343 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/12 17:08:18.0421 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/12 17:08:18.0500 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/12 17:08:18.0578 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/12 17:08:18.0734 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/12 17:08:18.0843 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/12 17:08:18.0890 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/12 17:08:18.0937 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/12 17:08:19.0031 V0220Dev (d26829d436f592f6d80d71b9c02c690f) C:\WINDOWS\system32\DRIVERS\V0220Dev.sys
2010/08/12 17:08:19.0078 V0220Vfx (eb4e73963bc2eda84b93b29174e15b02) C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys
2010/08/12 17:08:19.0156 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/12 17:08:19.0375 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/12 17:08:19.0703 w29n51 (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/08/12 17:08:19.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/12 17:08:20.0093 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/12 17:08:20.0250 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/12 17:08:20.0312 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/12 17:08:20.0375 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/12 17:08:20.0484 ================================================================================
2010/08/12 17:08:20.0484 Scan finished
2010/08/12 17:08:20.0484 ================================================================================

markusg 12.08.2010 16:29

Did you have to run Cure or Delete?

lekakapo 12.08.2010 16:41

No, nothing.

markusg 12.08.2010 16:45

Post a GMER report:
http://www.trojaner-board.de/74908-a...t-scanner.html

lekakapo 12.08.2010 17:09

When I try to start the program, an error message appears:

Problemsignatur:

AppName: 1g3s1s3l.exe AppVer: 1.0.15.15281 ModName: 1g3s1s3l.exe
ModVer: 1.0.15.15281 Offset: 0005c887


Do you need more details, or should I try something else?

markusg 12.08.2010 17:14

No, let's try a different one.
Download Radix:
Radix Antirootkit - Download - CHIP Online
Please shut down all running software, disconnect the internet connection, unpack Radix into its own folder, then click radixgui.exe, enable everything on the 1-click tab, let it scan, and delete nothing at the end.
Upload the log here:
File-Upload.net
and post the download link.

lekakapo 12.08.2010 17:32

Several prompts appeared during the scan. Should I always accept them?

markusg 12.08.2010 17:36

Yes, please do that.

lekakapo 12.08.2010 17:57

The computer crashed during the scan. There is still a log, though. Should I try again or upload the existing log?

An excerpt:

95 >\FileSystem\srfs 82F01D08 sr.sys
97 \FileSystem\tfsndrct 82C57DA0 tfsndrct.sys --[HOOKED]--
This might be a false positive, as I was unable to check.
* Majorfunction 03 (IRP_MJ_READ) hooked at 82C862C8 probably by C:\WINDOWS\system32\DRIVERS\d347bus.sys
WARNING: This is just a rough guess that was made by analyzing the code at this address!
-------------------------------------------------------------------------------
Information for module d347bus.sys:
-------------------------------------------------------------------------------
Index: 4
Base address: F857C000
Size: 00026000
Flags: 09004000
Load count: 1
Imagename: d347bus.sys
Name:
Version: 3.47.0.0
Company:
File Version: 3.47.0.0 built by: WinDDK
Description: PnP BIOS Extension
Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys
Signed: > NO! <



* The DriverUnload function points to another module than the start routine.
* Unload routine is at F857ECEC by C:\WINDOWS\system32\DRIVERS\d347bus.sys
-------------------------------------------------------------------------------
Information for module d347bus.sys:
-------------------------------------------------------------------------------
Index: 4
Base address: F857C000
Size: 00026000
Flags: 09004000
Load count: 1
Imagename: d347bus.sys
Name:
Version: 3.47.0.0
Company:
File Version: 3.47.0.0 built by: WinDDK
Description: PnP BIOS Extension
Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys
Signed: > NO! <



98 \FileSystem\NetBIOS 82B05390 netbios.sys
96 \FileSystem\sr 82F01D08 sr.sys
99 \FileSystem\tfsnboio 82C57550 tfsnboio.sys --[HOOKED]--
This might be a false positive, as I was unable to check.
* Majorfunction 03 (IRP_MJ_READ) hooked at 82C89178 probably by C:\WINDOWS\system32\DRIVERS\d347bus.sys
WARNING: This is just a rough guess that was made by analyzing the code at this address!
-------------------------------------------------------------------------------
Information for module d347bus.sys:
-------------------------------------------------------------------------------
Index: 4
Base address: F857C000
Size: 00026000
Flags: 09004000
Load count: 1
Imagename: d347bus.sys
Name:
Version: 3.47.0.0
Company:
File Version: 3.47.0.0 built by: WinDDK
Description: PnP BIOS Extension
Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys
Signed: > NO! <



* The DriverUnload function points to another module than the start routine.
* Unload routine is at F857ECEC by C:\WINDOWS\system32\DRIVERS\d347bus.sys
-------------------------------------------------------------------------------
Information for module d347bus.sys:
-------------------------------------------------------------------------------
Index: 4
Base address: F857C000
Size: 00026000
Flags: 09004000
Load count: 1
Imagename: d347bus.sys
Name:
Version: 3.47.0.0
Company:
File Version: 3.47.0.0 built by: WinDDK
Description: PnP BIOS Extension
Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys
Signed: > NO! <



100 \FileSystem\Rdbss 82A9AA70 rdbss.sys --[HOOKED]--
This might be a false positive, as I was unable to check.
* Majorfunction 03 (IRP_MJ_READ) hooked at 82B2E1E8 probably by C:\WINDOWS\system32\DRIVERS\d347bus.sys
WARNING: This is just a rough guess that was made by analyzing the code at this address!
-------------------------------------------------------------------------------
Information for module d347bus.sys:
-------------------------------------------------------------------------------
Index: 4
Base address: F857C000
Size: 00026000
Flags: 09004000
Load count: 1
Imagename: d347bus.sys
Name:
Version: 3.47.0.0
Company:
File Version: 3.47.0.0 built by: WinDDK
Description: PnP BIOS Extension
Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys
Signed: > NO! <



75 \FileSystem\sscdbhk5 82D53768 sscdbhk5.sys
75 >\Driver\Cdromscdbhk5 82D4CF38 cdrom.sys
58 >\Driver\redbookdbhk5 82D53528 redbook.sys
101 \FileSystem\tfsndres 82B46DA0 tfsndres.sys
102 \FileSystem\ssrtln 82DC3550 ssrtln.sys
103 \FileSystem\tfsnifs 82C1C030 tfsnifs.sys
104 \FileSystem\tfsnopio 82A92A70 tfsnopio.sys
105 \FileSystem\Msfs 829B5550 Msfs.SYS --[HOOKED]--
This might be a false positive, as I was unable to check.
* Majorfunction 03 (IRP_MJ_READ) hooked at 82A8C7F0 probably by C:\WINDOWS\system32\DRIVERS\d347bus.sys
WARNING: This is just a rough guess that was made by analyzing the code at this address!
-------------------------------------------------------------------------------
Information for module d347bus.sys:
-------------------------------------------------------------------------------
Index: 4
Base address: F857C000
Size: 00026000
Flags: 09004000
Load count: 1
Imagename: d347bus.sys
Name:
Version: 3.47.0.0
Company:
File Version: 3.47.0.0 built by: WinDDK
Description: PnP BIOS Extension
Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys
Signed: > NO! <



* The DriverUnload function points to another module than the start routine.
* Unload routine is at F857ECEC by C:\WINDOWS\system32\DRIVERS\d347bus.sys
-------------------------------------------------------------------------------
Information for module d347bus.sys:
-------------------------------------------------------------------------------
Index: 4
Base address: F857C000
Size: 00026000
Flags: 09004000
Load count: 1
Imagename: d347bus.sys
Name:
Version: 3.47.0.0
Company:
File Version: 3.47.0.0 built by: WinDDK
Description: PnP BIOS Extension
Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys
Signed: > NO! <



106 \FileSystem\MRxSmb 82D0F878 mrxsmb.sys --[HOOKED]--
This might be a false positive, as I was unable to check.
* Majorfunction 03 (IRP_MJ_READ) hooked at 82B2D1E8 probably by C:\WINDOWS\system32\DRIVERS\d347bus.sys
WARNING: This is just a rough guess that was made by analyzing the code at this address!
-------------------------------------------------------------------------------
Information for module d347bus.sys:
-------------------------------------------------------------------------------
Index: 4
Base address: F857C000
Size: 00026000
Flags: 09004000
Load count: 1
Imagename: d347bus.sys
Name:
Version: 3.47.0.0
Company:
File Version: 3.47.0.0 built by: WinDDK
Description: PnP BIOS Extension
Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys
Signed: > NO! <

markusg 12.08.2010 18:01

Upload the whole log to file-upload; I'll take a look at what is there.

lekakapo 12.08.2010 18:05

Here is the link:

hxxp://www.file-upload.net/download-2740724/log.txt.html

markusg 12.08.2010 19:17

Try Norman's TDSS Cleaner:
Rootkit.tdss entfernen: Norman TDSS Cleaner - Paules-PC-Forum.de
Post the log or logs.

lekakapo 12.08.2010 20:01

Here is the log:

Norman TDSS Cleaner
Version 1.9.3
Copyright © 1990 - 2010, Norman ASA. Built 2010/05/25 11:56:03

Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/05/25 11:56:03, Variants: 57644

Scan started: 2010/08/12 20:50:36

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
Logged on user: PARKER\***

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Running anti-TDSS module:

No TDSS infection detected

TDSS scan complete. Will now scan for related malware

Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 31ms


Scanning running processes and process memory...

Number of processes/threads found: 3665
Number of processes/threads scanned: 3665
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 1m 21s


Scanning file system...

Scanning: prescan

Scanning: C:\WINDOWS\system32\drivers\*

Scanning: postscan


Running post-scan cleanup routine:
Failed to locate shared service executable: C:\WINDOWS\System32\appmgmts.dll
Removed service: AppMgmt

Number of files found: 427
Number of archives unpacked: 0
Number of files scanned: 427
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 17s

markusg 12.08.2010 20:02

OK, how is it running at the moment?

lekakapo 12.08.2010 20:13

Good, I'd say. I can't really detect any problems anymore.
In any case, a thousand thanks already for the great help!!!

markusg 12.08.2010 20:24

Dr.Web CureIt:
http://www.trojaner-board.de/59299-a...eb-cureit.html
Cancel the quick scan, configure the program, scan in Safe Mode, and upload the log if necessary; it is sometimes quite large.


All times are in WEZ +1. It is now 06:12.

Copyright ©2000-2025, Trojaner-Board