Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner Online Banking Sparkasse, PC formatieren?? (https://www.trojaner-board.de/90420-trojaner-online-banking-sparkasse-pc-formatieren.html)

Trinity81 05.09.2010 13:20
Trojaner Online Banking Sparkasse, PC formatieren??
 
Hallo zusammen,

ich habe seit letzter Woche wohl ein Problem mit meinem Computer, habe mich bei der Sparkasse Online Banking angemeldet und erhielt dann ein Hinweisfenster, wo ich Tans eingeben sollte. Kam mir spanisch vor, habe bei der Bank angerufen und mir wurde gesagt, dass ich einen Trojaner habe und ich meinen PC formatieren müsse. Sobald er wieder "clean" ist, könnte ich Online Banking wieder nutzen, mein Zugang ist jetzt erstmal gesperrt.

So, nach diversen Recherchen im Internet habe ich nun herausgefunden, dass ich anscheinend nicht die einzige mit dem Problem bin, es handelt sich wohl um den Trojaner "Delfsnif.DX.81", da der hier geschilderte Fall genau meinem Fall enstpricht: http://www.trojaner-board.de/89652-b...f-dx-81-a.html

Ich habe jetzt Kaspersky und auch Antivir durchlaufen lassen, es wurde nichts gefunden auf meinem PC! Habe, wie hier empfohlen, bei beiden Programmen vorher ein Update gemacht, die sind auf dem neuesten Stand.

Meine Frage: Wie kann das sein, dass nichts gefunden wird??? Und ist denn eine komplette Formatierung dann überhaupt notwendig?

Da ich mich (leider) mit Trojanern, Viren usw. überhaupt nicht auskenne und meinen PC noch nie formatiert habe, weiß ich nicht wirklich was ich jetzt machen soll.

Kann ich denn einfach meine privaten Dateien auf CD brennen (Dokumente, Bilder usw.), oder sind die auch vom Virus "befallen"??Was mache ich mit meiner ganzen Musik (Itunes)??

Und zu guter Letzt: Ich habe keine Backup-CD von Windows Vista, habe ich eben festgestellt. Ich hätte die Möglichkeit gehabt, mir so eine CD selbst zu erstellen, allerdings habe ich das damals als ich den PC gekauft habe nicht gemacht, dann ging es vergessen und ja..jetzt sitz ich hier. Was mach ich nun?? Es gibt zwar 2 Partitionen auf meinem Rechner, eine nennt sich HP Recovery, aber da ist glaub ich nichts drauf...

Wäre super, wenn ihr mir Tipps geben könntet.

Danke schonmal und viele Grüße!
Trinity81

Chris4You 05.09.2010 15:54
Hi,
den Rechner platt zu machen ist tatsächlich die beste Alternative, keiner kann Dir sagen ob der Rechner wirklich sauber ist. Auf der HP-Partition sollte ein Backup des Systems im Initalzustand sein, d.h. direkt nach dem Kauf...

Der Nachteil ist, alles wird geplättet (Daten/Programme)...
Wie gut ist Dein Englisch? How to Boot an HP Recovery Partition | eHow.com

Solche Trojaner sind schwer zu finden und Du scheinst was sehr neues zu haben, wenn keiner was findet... Ob das alles zum Erfolg führt ist unklar... mal sehen..

So, probieren wir mal ob wir weiter kommen:

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet!

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.


OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe
  • Vista/Win7-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button
  • Klick auf OK
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte gmer und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

Trinity81 06.09.2010 09:48
Hallo Chris,

danke für deine Hilfe!

Hier der Log von Combofix, Rest folgt dann gleich...

ComboFix 10-09-04.06 - Nadine 06.09.2010 10:28:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1149 [GMT 2:00]
ausgeführt von:: c:\users\Nadine\Desktop\ComboFix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\internetgamebox
c:\program files\internetgamebox\language
c:\program files\internetgamebox\ressources\AttenteOff.html
c:\program files\internetgamebox\ressources\AttenteOn.html
c:\program files\internetgamebox\ressources\configv2_en.xml
c:\program files\internetgamebox\ressources\configv2_es.xml
c:\program files\internetgamebox\ressources\configv2_fr.xml
c:\program files\internetgamebox\ressources\favoris\defaultv2.swf
c:\program files\internetgamebox\skins\skinv2.skn
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Datenschutzrichtlinien.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Deinstallieren.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Geschäftsbedingungen.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url
c:\users\Nadine\AppData\Local\qaynsad.dat
c:\users\Nadine\AppData\Local\qaynsad_nav.dat
c:\users\Nadine\AppData\Local\qaynsad_navps.dat
c:\users\Nadine\AppData\Local\Temp\dpaptugc.dll
c:\windows\system32\KBL.LOG
c:\windows\system32\nvs2.inf

.
((((((((((((((((((((((( Dateien erstellt von 2010-08-06 bis 2010-09-06 ))))))))))))))))))))))))))))))
.

2010-09-06 08:40 . 2010-09-06 08:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-02 16:12 . 2010-09-02 16:12 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2010-09-02 16:12 . 2010-09-02 16:12 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-09-02 15:55 . 2010-09-02 15:55 404152 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-09-02 15:55 . 2010-09-02 15:55 166584 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-09-02 15:55 . 2010-09-02 15:55 125624 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-09-02 15:55 . 2010-09-02 15:55 113336 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-09-02 15:55 . 2010-09-02 15:55 129720 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-09-02 15:55 . 2010-09-02 15:55 113336 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-09-02 15:55 . 2010-09-02 15:55 404152 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-09-02 15:55 . 2010-09-02 15:55 170680 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-09-02 15:43 . 2010-09-02 15:43 288080 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-02 15:32 . 2010-09-02 15:55 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-09-02 15:32 . 2010-09-02 15:55 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-09-02 15:28 . 2010-09-02 15:28 -------- d-----w- c:\program files\Kaspersky Lab
2010-09-02 15:28 . 2010-09-06 08:08 -------- d-----w- c:\programdata\Kaspersky Lab
2010-09-02 15:15 . 2010-09-02 15:15 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-09-01 16:39 . 2010-09-01 16:39 -------- d-----w- C:\PerfLogs
2010-09-01 14:17 . 2010-09-01 14:17 -------- d-----w- c:\windows\Sun
2010-09-01 14:15 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 08:24 . 2007-10-24 15:37 618430 ----a-w- c:\windows\system32\perfh007.dat
2010-09-06 08:24 . 2007-10-24 15:37 122648 ----a-w- c:\windows\system32\perfc007.dat
2010-09-06 08:17 . 2010-08-06 07:34 -------- d-----w- c:\programdata\Kodak
2010-09-02 15:56 . 2010-06-28 17:47 288080 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-09-02 15:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-09-01 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-09-01 16:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-01 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-09-01 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-09-01 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-09-01 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-09-01 16:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-01 16:37 . 2008-02-13 05:02 -------- d-----w- c:\programdata\NVIDIA
2010-09-01 16:18 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-09-01 16:18 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-01 15:41 . 2008-04-12 17:09 144870 ----a-w- c:\users\Nadine\AppData\Roaming\nvModes.dat
2010-09-01 14:17 . 2007-10-24 07:51 -------- d-----w- c:\program files\Common Files\Java
2010-09-01 14:15 . 2007-10-24 07:51 -------- d-----w- c:\program files\Java
2010-08-31 14:16 . 2010-03-11 16:39 1 ----a-w- c:\users\Nadine\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-23 18:14 . 2007-10-24 07:12 -------- d-----w- c:\program files\Microsoft Works
2010-08-23 18:13 . 2007-10-24 07:25 -------- d-----w- c:\programdata\Microsoft Help
2010-08-06 07:54 . 2010-08-06 07:54 -------- d-----w- c:\programdata\kds_kodak
2010-08-06 07:54 . 2010-08-06 07:54 -------- d-----w- c:\programdata\Eastman Kodak Company
2010-08-06 07:41 . 2010-08-06 07:37 -------- d-----w- c:\program files\Kodak
2010-07-04 12:28 . 2010-07-04 12:28 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-01 19:35 . 2010-07-01 19:35 228024 ----a-w- c:\windows\system32\klogon.dll
2010-07-01 19:14 . 2010-07-01 19:14 68256 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\German\setup.exe
2010-07-01 06:06 . 2010-07-01 06:06 1037648 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-06-30 05:06 . 2010-06-30 05:06 271696 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-06-15 10:06 . 2010-06-15 10:06 1079048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-09 15:43 . 2010-06-09 15:43 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2010-06-09 15:43 . 2010-06-09 15:43 132184 ----a-w- c:\windows\system32\drivers\kl1.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Conime"="c:\windows\system32\conime.exe" [2008-01-19 69120]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-6-25 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [2004-10-15 29292]
R3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe [2008-07-01 4014080]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1AA1DE15-0EFB-4713-9B9E-31DC868024DE}.job
- c:\windows\system32\msfeedssync.exe [2009-12-06 03:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} - hxxp://www.cltnet.de/login/dplaunch.cab
DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} - hxxps://account.maxdome.de/presentation/script/HWTest.CAB
FF - ProfilePath - c:\users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\x6kb92fq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.arcor.de/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\users\Nadine\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-FRITZ!protect - FwebProt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-06 10:41
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-06 10:45:09
ComboFix-quarantined-files.txt 2010-09-06 08:45

Vor Suchlauf: 7 Verzeichnis(se), 150.159.028.224 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 150.497.300.480 Bytes frei

Trinity81 06.09.2010 10:10
OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 06.09.2010 10:50:17 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 140,20 Gb Free Space | 63,33% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 2,16 Gb Free Space | 18,73% Space Free | Partition Type: NTFS
Drive E: | 408,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOTEBOOK
Current User Name: Nadine
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nadine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\PDFCreator\PDFCreator.exe (pdfforge  hxxp://www.pdfforge.org/)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Nadine\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Programme\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (WiselinkPro) -- C:\Programme\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (FTD2XX) -- C:\Windows\System32\drivers\FTD2XX.sys (FTDI Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-157890176-794377936-340645987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-157890176-794377936-340645987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-157890176-794377936-340645987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-157890176-794377936-340645987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.28 09:46:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.01 16:20:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.09.02 17:30:20 | 000,000,000 | ---D | M]
 
[2009.06.08 19:03:30 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
[2010.09.01 13:33:28 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\x6kb92fq.default\extensions
[2009.12.28 20:42:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\x6kb92fq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.02 17:32:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.01 16:15:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.06.08 19:03:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org
[2010.09.02 17:32:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.09.02 17:32:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009.06.08 19:03:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.28 09:46:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.28 09:46:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.28 09:46:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.28 09:46:11 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.28 09:46:11 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.06 10:41:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-157890176-794377936-340645987-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-157890176-794377936-340645987-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-157890176-794377936-340645987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-157890176-794377936-340645987-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} hxxp://www.cltnet.de/login/dplaunch.cab (Corporate Language Training Interface)
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} https://account.maxdome.de/presentation/script/HWTest.CAB (HWTest.HWTestControl)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Nadine\Pictures\Sonstiges\Stars\männer\johnny_depp.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nadine\Pictures\Sonstiges\Stars\männer\johnny_depp.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2009.08.05 14:51:01 | 000,000,078 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.06 10:45:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.09.06 10:45:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.09.06 10:26:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.09.06 10:26:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.09.06 10:26:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.09.06 10:26:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.09.06 10:26:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.09.06 10:25:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.06 10:25:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.09.06 10:23:59 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nadine\Desktop\mbam-setup.exe
[2010.09.06 10:21:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2010.09.02 17:28:25 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.09.02 17:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.09.02 17:27:36 | 000,495,192 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.09.02 17:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.09.01 18:39:54 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010.09.01 16:17:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.09.01 16:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.08.06 09:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\kds_kodak
[2010.08.06 09:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Eastman Kodak Company
[2010.08.06 09:54:40 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\Eastman_Kodak_Company
[2010.08.06 09:42:37 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\KODAK
[2010.08.06 09:42:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\Eastman Kodak Company
[2010.08.06 09:37:51 | 000,000,000 | ---D | C] -- C:\Programme\Kodak
[2010.08.06 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2010.08.06 09:32:51 | 000,126,976 | ---- | C] (Eastman Kodak Company) -- C:\Windows\System32\EKIJCOINST05.dll
[2010.08.06 09:31:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2010.08.06 09:29:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Temp
[2010.07.04 14:45:31 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.07.04 14:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.04 14:41:25 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.07.04 14:33:26 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.07.01 21:35:12 | 000,228,024 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\klogon.dll
[2010.06.25 19:56:45 | 000,000,000 | ---D | C] -- C:\Programme\ELV
[2010.06.25 19:53:19 | 000,421,376 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\FTDIUNIN.exe
[2010.06.25 19:53:19 | 000,081,920 | ---- | C] (FTDI Ltd) -- C:\Windows\System32\FTD2XX.dll
[2010.06.25 19:53:19 | 000,029,292 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\drivers\FTD2XX.sys
[2010.06.13 20:01:04 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.06.09 17:43:52 | 000,011,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl2.sys
[2010.06.09 17:43:50 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl1.sys
[2010.02.10 20:31:19 | 004,284,535 | ---- | C] (ffdshow                                                    ) -- C:\Users\Nadine\AppData\Roaming\ffdshow.exe
[2010.02.10 20:31:14 | 000,642,685 | ---- | C] (Xvid team                                                  ) -- C:\Users\Nadine\AppData\Roaming\xvid.exe
[2010.02.10 20:31:03 | 002,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Users\Nadine\AppData\Roaming\Imgburn.exe
[2010.02.10 20:30:45 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Nadine\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.06 10:50:07 | 003,670,016 | -HS- | M] () -- C:\Users\Nadine\ntuser.dat
[2010.09.06 10:46:37 | 001,449,090 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.06 10:46:37 | 000,621,940 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.06 10:46:37 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.06 10:46:37 | 000,123,658 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.06 10:46:37 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.06 10:41:10 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.09.06 10:41:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.06 10:24:43 | 000,293,376 | ---- | M] () -- C:\Users\Nadine\Desktop\xn784jll.exe
[2010.09.06 10:23:59 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nadine\Desktop\mbam-setup.exe
[2010.09.06 10:21:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2010.09.06 10:20:36 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.09.06 10:19:48 | 000,052,736 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.06 10:19:22 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010.09.06 10:19:00 | 000,144,870 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2010.09.06 10:17:16 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.06 10:17:16 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.06 10:17:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.06 10:17:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.06 10:17:07 | 2146,365,440 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.06 10:16:01 | 000,524,288 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.06 10:16:01 | 000,065,536 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.06 10:16:00 | 002,150,021 | -H-- | M] () -- C:\Users\Nadine\AppData\Local\IconCache.db
[2010.09.06 10:12:07 | 003,837,097 | R--- | M] () -- C:\Users\Nadine\Desktop\ComboFix.exe
[2010.09.05 14:53:29 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1AA1DE15-0EFB-4713-9B9E-31DC868024DE}.job
[2010.09.02 18:12:02 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.02 17:55:57 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.09.02 17:55:56 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.09.02 17:27:36 | 000,495,192 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.09.01 19:01:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.09.01 18:52:33 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010.09.01 18:46:41 | 000,406,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.01 18:18:38 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010.09.01 18:18:26 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010.09.01 17:41:09 | 000,144,870 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2010.09.01 16:38:43 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.08.06 09:41:37 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\KODAK All-in-One Home Center Software.lnk
[2010.08.02 19:43:15 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.07.01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\klogon.dll
[2010.06.14 18:27:47 | 000,010,885 | ---- | M] () -- C:\Users\Nadine\Documents\Gehalt.xlsx
[2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl2.sys
[2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl1.sys
 
========== Files Created - No Company Name ==========
 
[2010.09.06 10:26:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.09.06 10:26:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.09.06 10:26:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.09.06 10:26:26 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.09.06 10:26:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.06 10:24:42 | 000,293,376 | ---- | C] () -- C:\Users\Nadine\Desktop\xn784jll.exe
[2010.09.06 10:12:02 | 003,837,097 | R--- | C] () -- C:\Users\Nadine\Desktop\ComboFix.exe
[2010.09.02 17:32:22 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.09.02 17:32:22 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.06 09:41:37 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\KODAK All-in-One Home Center Software.lnk
[2010.08.06 09:29:31 | 000,183,462 | ---- | C] () -- C:\Users\Nadine\AppData\Local\installer.log
[2010.07.04 14:46:56 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.25 19:53:19 | 000,000,747 | ---- | C] () -- C:\Windows\System32\FTD2XXUN.ini
[2010.06.14 18:05:41 | 000,010,885 | ---- | C] () -- C:\Users\Nadine\Documents\Gehalt.xlsx
[2010.05.25 17:49:33 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Local\FnF4.txt
[2010.02.10 20:32:17 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.10 20:32:13 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.10 20:32:13 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.08.06 00:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.08.05 23:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.08.05 23:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.08.05 23:58:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.05.21 22:04:43 | 000,000,093 | ---- | C] () -- C:\Users\Nadine\AppData\Local\lptjnr.bat
[2008.05.01 18:48:11 | 000,052,736 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.13 12:04:48 | 000,144,870 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2008.04.12 19:09:27 | 000,144,870 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2008.04.10 20:31:06 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Local\QSwitch.txt
[2008.04.10 20:31:06 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DSwitch.txt
[2008.04.10 20:31:06 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Local\AtStart.txt
[2008.02.13 06:41:12 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2009.09.17 21:07:29 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\FRITZ!
[2008.08.03 20:01:07 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Jamba Music
[2009.04.11 22:58:42 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\NCH Swift Sound
[2010.03.11 18:39:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenOffice.org
[2009.06.14 16:10:09 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Opera
[2008.11.16 18:38:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PlayFirst
[2010.08.06 09:29:39 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Temp
[2008.11.16 14:56:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Thunderbird
[2008.05.09 19:08:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Ubisoft
[2008.04.17 21:32:34 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\WildTangent
[2010.09.06 10:16:05 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.05 14:53:29 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1AA1DE15-0EFB-4713-9B9E-31DC868024DE}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.10.24 09:42:46 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.10.24 09:42:46 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.10.24 09:42:46 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< c:\windows\system32\drivers\*.sys /lockedfiles >
[2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys
[2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys
[2010.09.02 17:27:36 | 000,495,192 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys
[2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klmouflt.sys
 
< c:\windows\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010.07.01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
[2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\*. /mp /s >
 
< %PROGRAMFILES%\*. >
[2007.10.24 09:28:08 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites
[2009.04.06 21:39:57 | 000,000,000 | ---D | M] -- C:\Programme\Adobe
[2007.10.24 09:38:21 | 000,000,000 | ---D | M] -- C:\Programme\Alice
[2008.04.19 16:07:06 | 000,000,000 | ---D | M] -- C:\Programme\Alwil Software
[2008.08.23 22:01:13 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update
[2008.02.13 06:43:11 | 000,000,000 | ---D | M] -- C:\Programme\Atheros
[2010.02.10 20:31:58 | 000,000,000 | ---D | M] -- C:\Programme\AviSynth 2.5
[2010.07.04 14:33:28 | 000,000,000 | ---D | M] -- C:\Programme\Bonjour
[2010.09.06 10:35:22 | 000,000,000 | ---D | M] -- C:\Programme\Common Files
[2008.02.13 06:42:41 | 000,000,000 | ---D | M] -- C:\Programme\CONEXANT
[2008.02.13 06:55:54 | 000,000,000 | ---D | M] -- C:\Programme\CyberLink
[2010.05.08 17:50:10 | 000,000,000 | ---D | M] -- C:\Programme\DivX
[2010.02.10 20:31:53 | 000,000,000 | ---D | M] -- C:\Programme\DVD slideshow GUI
[2008.04.10 20:20:17 | 000,000,000 | ---D | M] -- C:\Programme\Electronic Arts
[2010.06.25 19:56:45 | 000,000,000 | ---D | M] -- C:\Programme\ELV
[2008.06.25 21:41:11 | 000,000,000 | ---D | M] -- C:\Programme\Fast Image Resizer
[2010.02.10 20:32:18 | 000,000,000 | ---D | M] -- C:\Programme\ffdshow
[2009.09.17 21:04:13 | 000,000,000 | ---D | M] -- C:\Programme\FRITZ!DSL
[2008.04.10 20:06:40 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien
[2009.10.16 18:35:15 | 000,000,000 | ---D | M] -- C:\Programme\Google
[2009.01.14 20:58:34 | 000,000,000 | ---D | M] -- C:\Programme\Hewlett-Packard
[2009.01.14 20:59:11 | 000,000,000 | ---D | M] -- C:\Programme\Hp
[2008.12.04 23:04:43 | 000,000,000 | ---D | M] -- C:\Programme\HP Games
[2008.04.10 20:13:23 | 000,000,000 | ---D | M] -- C:\Programme\HPQ
[2008.04.13 14:16:51 | 000,000,000 | ---D | M] -- C:\Programme\iDump
[2010.02.10 20:32:12 | 000,000,000 | ---D | M] -- C:\Programme\ImgBurn
[2009.01.14 22:24:57 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2010.09.01 18:41:31 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2010.07.04 14:45:31 | 000,000,000 | ---D | M] -- C:\Programme\iPod
[2010.07.04 14:46:53 | 000,000,000 | ---D | M] -- C:\Programme\iTunes
[2009.08.23 11:07:36 | 000,000,000 | ---D | M] -- C:\Programme\IZArc
[2008.08.02 23:13:11 | 000,000,000 | ---D | M] -- C:\Programme\Jamba
[2010.09.01 16:15:12 | 000,000,000 | ---D | M] -- C:\Programme\Java
[2010.09.02 17:28:25 | 000,000,000 | ---D | M] -- C:\Programme\Kaspersky Lab
[2010.08.06 09:41:37 | 000,000,000 | ---D | M] -- C:\Programme\Kodak
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games
[2010.03.02 21:08:51 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office
[2010.06.13 20:01:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight
[2010.03.02 21:09:40 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio
[2010.03.02 21:05:49 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio 8
[2010.08.23 20:14:56 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works
[2007.10.24 09:26:41 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET
[2010.09.01 18:41:31 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker
[2010.08.28 09:46:21 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2009.05.06 21:43:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Thunderbird
[2010.03.02 21:10:34 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild
[2008.04.10 20:53:55 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0
[2009.04.11 22:58:48 | 000,000,000 | ---D | M] -- C:\Programme\NCH Software
[2009.04.11 22:58:42 | 000,000,000 | ---D | M] -- C:\Programme\NCH Swift Sound
[2008.02.13 06:40:59 | 000,000,000 | ---D | M] -- C:\Programme\NetWaiting
[2009.10.16 18:34:49 | 000,000,000 | ---D | M] -- C:\Programme\NOS
[2008.02.13 06:59:50 | 000,000,000 | ---D | M] -- C:\Programme\Online-Dienste
[2010.03.02 21:29:26 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 2.4
[2010.03.11 18:34:28 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3
[2010.03.02 21:22:08 | 000,000,000 | ---D | M] -- C:\Programme\Opera
[2008.06.25 21:09:00 | 000,000,000 | ---D | M] -- C:\Programme\PDFCreator
[2008.05.01 18:47:31 | 000,000,000 | ---D | M] -- C:\Programme\PDFCreator Toolbar
[2010.07.04 14:42:16 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime
[2008.05.13 21:55:01 | 000,000,000 | ---D | M] -- C:\Programme\Real
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies
[2008.12.28 14:07:39 | 000,000,000 | ---D | M] -- C:\Programme\SAMSUNG
[2008.02.13 06:39:33 | 000,000,000 | ---D | M] -- C:\Programme\Synaptics
[2008.05.09 18:49:10 | 000,000,000 | ---D | M] -- C:\Programme\Ubisoft
[2006.11.02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2008.06.15 15:31:11 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN
[2010.09.01 18:41:31 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar
[2010.09.01 18:41:21 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration
[2010.09.01 18:41:19 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender
[2010.09.01 18:41:21 | 000,000,000 | ---D | M] -- C:\Programme\Windows Journal
[2010.09.01 18:41:31 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2010.09.01 18:41:31 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2008.04.10 20:06:40 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2010.09.01 18:41:21 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery
[2010.09.02 17:31:22 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar
[2008.02.13 06:43:36 | 000,000,000 | ---D | M] -- C:\Programme\WinTV
[2008.09.27 17:44:51 | 000,000,000 | ---D | M] -- C:\Programme\WinZip
[2010.02.10 20:32:13 | 000,000,000 | ---D | M] -- C:\Programme\Xvid
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-01 16:22:47
 
< Malwarebytes  >
< End of report >
--- --- ---

Trinity81 06.09.2010 10:11
Extras.txtOTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 06.09.2010 10:50:17 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 140,20 Gb Free Space | 63,33% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 2,16 Gb Free Space | 18,73% Space Free | Partition Type: NTFS
Drive E: | 408,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOTEBOOK
Current User Name: Nadine
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\PROGRA~1\MICROS~3\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~3\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F49504-9DCE-4529-856E-9612B340658A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0976634D-6A84-4DFE-B7C2-C3A9C93184A7}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{1392AE93-43F7-4BE6-91C4-7B0B80A778F2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2C82897D-B555-40DD-99C8-3B50FAA678FC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2F2FAFAC-4230-42A8-B17B-91A580354C34}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5087A82A-9A85-49D9-8C13-5A4098E25B7E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5C18A8C8-3A32-4925-A72A-9064B166135F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8947AD5A-0DB4-4FB3-9116-9DFAA25D5205}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AF182B49-8641-4673-8947-4770434370A1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2EEA14D-A39B-4479-80AB-C7DDFA9B2183}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C524FACD-77F0-47B9-87E5-C2739FF0CABA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{DA97CD7E-7B95-446A-8C98-007A68CE7932}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02722163-822E-45C2-98F2-37F6C1B90E45}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{0FFD5ABE-9BB4-4873-8EA3-DE25FAA90BED}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{1969A0AC-DE39-4994-9B1E-743147A62915}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{265CC147-257A-4CA9-BB6E-BD0D7AC21589}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{28913F3A-A4C3-440D-9916-1AF88B86D596}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{29D9B086-4FEB-448E-96B2-F2B4B7546032}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2D2101FC-58E7-440C-A02D-1BE8B53B6FC3}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{3BC37D3B-22E3-4808-8E9B-C877A256E5E3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{42AF2803-53CE-4772-8ACC-EA4B4D85301F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{59659D72-52FB-4BC0-82CC-564D33F6E638}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{5B43AEE9-87ED-45BB-8B62-26CBF84E504F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{5C1BDBCD-A111-4618-90CA-9FDBEE4144C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5CE3719E-9AC6-4D72-806B-E440576F862E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{62C11DDE-6009-4253-9EF7-AFD66F645EB5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{65076D90-E8CF-45CC-A013-A167D76022E4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6B914B9E-B80D-4979-A9E7-7714F8381C35}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{6D892B8B-4874-483D-B4A2-2294E9494213}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{74157208-C1DA-414F-84BE-D2A482969225}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82BD6292-3753-4C8C-B85B-84D9D47E3E86}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{8A0E72DB-432C-49AC-B51B-D2376A40DE6B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A44FD256-A463-4DC2-B197-0A4F37E07922}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{B98E904D-830D-47F0-9CFB-8C40CF1B8852}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{BFEA0FA6-D993-432A-91BB-6C5D1F7759F7}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{C07F02B3-9BB7-4BB7-AE53-D20D99F7EDD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D81DCF4F-D3B7-40C9-8186-03D27A64E629}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{DA0BB210-5BAF-4AA5-B5E1-681C1CFDCC36}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DB37F76E-80AA-4BDC-80EC-0A4F99C0BA1B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{DCEE766C-A826-4BE4-8674-3D4379EDAAD7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E0A6357B-0258-4F2C-9989-DEFA0A5B0C61}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{E41F6BC5-EBBF-40D7-8F83-D03CCFD6E556}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{F7EE6DFF-5D30-402D-88C8-6987C211258E}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{FB56A5C1-1FDC-47A6-B0B0-6F2BB8A2EFF0}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"TCP Query User{E50F42F0-6BBE-427B-8B6B-D9D5C6DF40A6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{92CC894A-9B1B-4E89-9087-0537177722AC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = Die Sims™ Lebensgeschichten
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F6EB1C8-7492-40F4-A006-3B4863BCF018}" = SAMSUNG PC Share Manager
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9BA6E8AF-2122-4825-9B55-98BC351E3C94}" = ESU for Microsoft Vista
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK Home Center Software
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AviSynth" = AviSynth 2.5
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.3.6
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"ELV FS20 Signalgeber_is1" = ELV FS20 Signalgeber Version 1.11
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FastImageResizer" = FastImageResizer (remove only)
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"FTD2XX" = FTDI FTD2XX USB Drivers
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iDump" = iDump (Backing up your iPod)
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"lptjnr" = Favorit
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"PDFCreator Toolbar" = PDFCreator Toolbar
"Picasa 3" = Picasa 3
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WildTangent hp Master Uninstall" = My HP Games
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-157890176-794377936-340645987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.09.2010 05:25:25 | Computer Name = Notebook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Nadine\AppData\Local\Temp\RarSFX0\redist.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.09.2010 07:32:59 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.09.2010 07:32:59 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15725
 
Error - 04.09.2010 07:32:59 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15725
 
Error - 04.09.2010 08:58:30 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.09.2010 08:58:30 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5147518
 
Error - 04.09.2010 08:58:30 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5147518
 
Error - 05.09.2010 09:31:12 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.09.2010 09:31:13 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 472308
 
Error - 05.09.2010 09:31:13 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 472308
 
[ OSession Events ]
Error - 09.07.2010 13:39:34 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 172044
 seconds with 360 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.09.2010 04:06:59 | Computer Name = Notebook | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.3 für die Netzwerkkarte mit der Netzwerkadresse
 001F3A44CAA5 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 06.09.2010 04:07:07 | Computer Name = Notebook | Source = ipnathlp | ID = 30005
Description = Ein DHCP-Server mit der IP-Adresse 192.168.0.1 wurde von der DHCP-Zuweisung
 im selben Netzwerk gefunden, wie die Schnittstelle mit der IP-Adresse 192.168.0.3.
 Die Zuweisung wurde auf der Schnittstelle automatisch deaktiviert, um DHCP-Clientkonflikte
 zu vermeiden.
 
Error - 06.09.2010 04:17:15 | Computer Name = Notebook | Source = HTTP | ID = 15016
Description =
 
Error - 06.09.2010 04:18:00 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
 
Error - 06.09.2010 04:20:32 | Computer Name = Notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 06.09.2010 04:20:33 | Computer Name = Notebook | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 06.09.2010 04:20:49 | Computer Name = Notebook | Source = ipnathlp | ID = 30005
Description = Ein DHCP-Server mit der IP-Adresse 192.168.0.1 wurde von der DHCP-Zuweisung
 im selben Netzwerk gefunden, wie die Schnittstelle mit der IP-Adresse 192.168.0.3.
 Die Zuweisung wurde auf der Schnittstelle automatisch deaktiviert, um DHCP-Clientkonflikte
 zu vermeiden.
 
Error - 06.09.2010 04:27:43 | Computer Name = Notebook | Source = Service Control Manager | ID = 7034
Description =
 
Error - 06.09.2010 04:28:00 | Computer Name = Notebook | Source = Service Control Manager | ID = 7030
Description =
 
Error - 06.09.2010 04:41:03 | Computer Name = Notebook | Source = Service Control Manager | ID = 7030
Description =
 
 
< End of report >
--- --- ---

Trinity81 06.09.2010 12:01
So weiter gehts mit dem Malwarebytes Logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4554

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

06.09.2010 13:00:04
mbam-log-2010-09-06 (13-00-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 338020
Laufzeit: 1 Stunde(n), 38 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Trinity81 06.09.2010 13:15
So, und abschließend noch das Log von GMER.

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-09-06 14:13:54
Windows 6.0.6001 Service Pack 1
Running: xn784jll.exe; Driver: C:\Users\Nadine\AppData\Local\Temp\kxloqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Hoffe, ich hab alles richtig gemacht und man kann was damit anfangen..Falls noch was fehlt, einfach Bescheid sagen...

Wie gehts jetzt weiter?

Gruß
Trinity

Chris4You 06.09.2010 13:31
Hi,

bist Du in ein Netzwerk eingebunden, da ist wichtig? Hängst Du an einem Router mit mehreren Rechnern?
Es gibt da einen zweiten DHCP-Server...
Zitat:
Error - 06.09.2010 04:20:49 | Computer Name = Notebook | Source = ipnathlp | ID = 30005
Description = Ein DHCP-Server mit der IP-Adresse 192.168.0.1 wurde von der DHCP-Zuweisung im selben Netzwerk gefunden, wie die Schnittstelle mit der IP-Adresse 192.168.0.3. Die Zuweisung wurde auf der Schnittstelle automatisch deaktiviert, um DHCP-Clientkonflikte zu vermeiden.
Das sieht u. U. nach einer Umleitung aus....

TCPView
Anzeige der vom Rechner aufgebauten Internetverbindungen mit Status, Zieladresse etc.
Lege ein Verzeichnis an, entpacke die Dateien in das Verzeichnis und starte dann die tcpview.exe. Copyright und Co abnicken.
Das Log kann unter "File", "Save as.." abgespeichert werden, in den Editor laden abkopieren und hier posten.
Download: TCPView for Windows
Anleitung: Sysinternals ? die besten Utilities (3): TCPView IT-techBlog: Home of MobileTech

Was macht das Gmer-Log? Falls der Rechner immer abrauscht, probiere es im abgesicherten Modus (F8 beim Booten)...

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
Code:

:OTL
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKU\S-1-5-21-157890176-794377936-340645987-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - AutoRun File - [2009.08.05 14:51:01 | 000,000,078 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:0x00

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:0x00

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:0x00

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:0x00

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:0x00
:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL



Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
C:\Users\Nadine\Desktop\xn784jll.exe
Die folgenden sollten eigentlich sauber sein
C:\windows\system32\themeui.dll
C:\Windows\system32\unregmp2.exe
C:\Windows\system32\ie4uinit.exe
C:\Windows\System32\iedkcs32.dll
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Prevx:
Das Tool neigt zu Fehlalarmen und kann in der freien Version auch nichts löschen, ist aber sonst recht gut... (und läuft auch 64Bit-Plattformen)
Prevx 3.0 for Home and Family
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

chris

Trinity81 06.09.2010 13:51
TcPView:

[System Process] 0 TCP notebook.mshome.net 49483 notebook.mshome.net icslap TIME_WAIT
[System Process] 0 TCP notebook.mshome.net 49484 notebook.mshome.net icslap TIME_WAIT
[System Process] 0 TCP Notebook nfsd-status localhost:49485 49485 TIME_WAIT 1 328 1 773
alg.exe 2584 TCP notebook.mshome.net 49169 Notebook 0 LISTENING
AppleMobileDeviceService.exe 1752 TCP Notebook 27015 Notebook 0 LISTENING
AppleMobileDeviceService.exe 1752 TCP Notebook 27015 localhost 49163 ESTABLISHED
avp.exe 3272 TCP Notebook nfsd-status Notebook 0 LISTENING
avp.exe 3272 UDP Notebook 51888 * *
avp.exe 3272 TCPV6 notebook nfsd-status notebook 0 LISTENING
avp.exe 3272 TCP Notebook nfsd-status localhost:49481 49481 ESTABLISHED 2 487 3 1.478
avp.exe 3272 TCP Notebook nfsd-status localhost:49477 49477 ESTABLISHED 3 3.220 3 2.145
avp.exe 3272 TCP notebook.mshome.net 49478 fx-in-f100.1e100.net http ESTABLISHED 3 2.418 3 984
avp.exe 3272 TCP notebook.mshome.net 49480 fx-in-f100.1e100.net http ESTABLISHED 2 1.246 2 656
avp.exe 3272 TCP Notebook nfsd-status localhost:49479 49479 ESTABLISHED 10 20.381 9 6.704
avp.exe 3272 TCP notebook.mshome.net 49482 www.assoc-amazon.de http ESTABLISHED 1 327 1 159
DivXUpdate.exe 3516 UDP Notebook 49179 * *
ekdiscovery.exe 1944 TCP Notebook 9322 Notebook 0 LISTENING
ekdiscovery.exe 1944 TCP Notebook 49157 localhost 5354 ESTABLISHED
ekdiscovery.exe 1944 TCP Notebook 49158 localhost 5354 ESTABLISHED
ekdiscovery.exe 1944 TCP Notebook 49159 localhost 5354 ESTABLISHED
ekdiscovery.exe 1944 TCP Notebook 49162 localhost 5354 ESTABLISHED
iexplore.exe 5692 UDP Notebook 55823 * *
iexplore.exe 3684 UDP Notebook 55824 * * 1 1 1 1
iexplore.exe 6016 UDP Notebook 59852 * * 117 117 117 117
iexplore.exe 6016 TCP Notebook 49477 localhost nfsd-status ESTABLISHED 4 2.918 3 984
iexplore.exe 6016 TCP Notebook 49479 localhost nfsd-status ESTABLISHED 3 1.746 2 656
iexplore.exe 6016 TCP Notebook 49481 localhost nfsd-status ESTABLISHED 1 327 1 159
IGDCTRL.EXE 1816 TCP Notebook 49156 Notebook 0 LISTENING
IGDCTRL.EXE 1816 UDP notebook.mshome.net ssdp * *
IGDCTRL.EXE 1816 UDP notebook.mshome.net 57156 * *
iTunesHelper.exe 3544 TCP Notebook 49163 localhost 27015 ESTABLISHED
lsass.exe 668 TCP Notebook 49160 Notebook 0 LISTENING
lsass.exe 668 TCPV6 notebook 49160 notebook 0 LISTENING
mDNSResponder.exe 1780 TCP Notebook 5354 Notebook 0 LISTENING
mDNSResponder.exe 1780 TCP Notebook 5354 localhost 49157 ESTABLISHED
mDNSResponder.exe 1780 TCP Notebook 5354 localhost 49158 ESTABLISHED
mDNSResponder.exe 1780 TCP Notebook 5354 localhost 49159 ESTABLISHED
mDNSResponder.exe 1780 TCP Notebook 5354 localhost 49162 ESTABLISHED
mDNSResponder.exe 1780 UDP notebook.mshome.net 5353 * * 1 70 2 140
mDNSResponder.exe 1780 UDP Notebook 49152 * *
mDNSResponder.exe 1780 UDPV6 [0:0:0:0:0:0:0:1] 5353 * *
mDNSResponder.exe 1780 UDPV6 notebook 49153 * *
services.exe 656 TCP Notebook 49161 Notebook 0 LISTENING
services.exe 656 TCPV6 notebook 49161 notebook 0 LISTENING
svchost.exe 932 TCP Notebook epmap Notebook 0 LISTENING
svchost.exe 1028 TCP Notebook 49153 Notebook 0 LISTENING
svchost.exe 1068 TCP Notebook 49154 Notebook 0 LISTENING
svchost.exe 344 TCP Notebook 49155 Notebook 0 LISTENING
svchost.exe 1068 UDP Notebook domain * *
svchost.exe 1236 UDP Notebook ntp * *
svchost.exe 1068 UDP Notebook isakmp * *
svchost.exe 1236 UDP Notebook ssdp * *
svchost.exe 1236 UDP notebook.mshome.net ssdp * *
svchost.exe 1236 UDP Notebook 3702 * *
svchost.exe 1236 UDP Notebook 3702 * *
svchost.exe 1068 UDP Notebook ipsec-msft * *
svchost.exe 1336 UDP Notebook llmnr * *
svchost.exe 1236 UDP Notebook 49154 * *
svchost.exe 1068 UDP Notebook 49162 * *
svchost.exe 1068 UDP Notebook 49163 * *
svchost.exe 1068 UDP Notebook 49180 * *
svchost.exe 1236 UDP notebook.mshome.net 61562 * *
svchost.exe 1236 UDP Notebook 61563 * *
svchost.exe 1068 UDP Notebook 63828 * *
svchost.exe 1068 UDP Notebook 63830 * *
svchost.exe 932 TCPV6 notebook epmap notebook 0 LISTENING
svchost.exe 1028 TCPV6 notebook 49153 notebook 0 LISTENING
svchost.exe 1068 TCPV6 notebook 49154 notebook 0 LISTENING
svchost.exe 344 TCPV6 notebook 49155 notebook 0 LISTENING
svchost.exe 1068 UDPV6 [fe80:0:0:0:44a8:8984:d64b:d937] 53 * *
svchost.exe 1236 UDPV6 notebook 123 * *
svchost.exe 1068 UDPV6 notebook 500 * *
svchost.exe 1068 UDPV6 notebook 547 * *
svchost.exe 1236 UDPV6 [0:0:0:0:0:0:0:1] 1900 * *
svchost.exe 1236 UDPV6 [fe80:0:0:0:0:100:7f:fffe] 1900 * *
svchost.exe 1236 UDPV6 [fe80:0:0:0:44a8:8984:d64b:d937] 1900 * *
svchost.exe 1236 UDPV6 [fe80:0:0:0:90a0:1326:f036:18f0] 1900 * *
svchost.exe 1236 UDPV6 notebook 3702 * *
svchost.exe 1236 UDPV6 notebook 3702 * *
svchost.exe 1336 UDPV6 notebook 5355 * *
svchost.exe 1236 UDPV6 notebook 49155 * *
svchost.exe 1236 UDPV6 [fe80:0:0:0:44a8:8984:d64b:d937] 61558 * *
svchost.exe 1236 UDPV6 [fe80:0:0:0:90a0:1326:f036:18f0] 61559 * *
svchost.exe 1236 UDPV6 [0:0:0:0:0:0:0:1] 61560 * *
svchost.exe 1236 UDPV6 [fe80:0:0:0:0:100:7f:fffe] 61561 * *
svchost.exe 1068 UDPV6 notebook 63829 * *
svchost.exe 1068 UDPV6 notebook 63831 * *
System 4 TCP notebook.mshome.net netbios-ssn Notebook 0 LISTENING
System 4 TCP Notebook microsoft-ds Notebook 0 LISTENING
System 4 TCP Notebook icslap Notebook 0 LISTENING
System 4 TCP Notebook 5357 Notebook 0 LISTENING
System 4 UDP notebook.mshome.net netbios-ns * * 30 1.500
System 4 UDP notebook.mshome.net netbios-dgm * * 1 209 1 209
System 4 TCPV6 notebook microsoft-ds notebook 0 LISTENING
System 4 TCPV6 notebook icslap notebook 0 LISTENING
System 4 TCPV6 notebook 5357 notebook 0 LISTENING
wininit.exe 612 TCP Notebook 49152 Notebook 0 LISTENING
wininit.exe 612 TCPV6 notebook 49152 notebook 0 LISTENING


GMER hatte ich oben gepostet, oder war das nicht das richtige?

Wir nutzen hier zuhause einen Router, haben ein Notebook und einen normalen PC die darüber ins Internet gehen...ist das ein Problem?

Rest kommt gleich...

Gruß
Trinity

Trinity81 06.09.2010 14:01
OTL Fix Ergebnisse:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_USERS\S-1-5-21-157890176-794377936-340645987-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\\"DisableMonitoring"|dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus\\"DisableMonitoring"|dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus\\"DisableMonitoring"|dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\\"DisableMonitoring"|dword:0x00 /E : value set successfully!
Unable to set value : HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\\"AntiVirusOverride"|dword:0x00 /E!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nadine
->Temp folder emptied: 968847 bytes
->Temporary Internet Files folder emptied: 3651505 bytes
->Java cache emptied: 34606550 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 629424 bytes
->Flash cache emptied: 213589 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 140763 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09062010_145317

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
C:\Users\Nadine\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\klsFC94.tmp not found!

Registry entries deleted on Reboot...

Chris4You 06.09.2010 14:13
Hi,

Gmer hatte ich nicht gesehen, unserer Postings haben sich überschnitten.
Dann brauchst Du online nichts zu prüfen, die suspekte Exe gehört zu GMER.

Lass mal Prevx laufen und poste das Ergebniss (Screenshot)...

Dann bitte mal sicherstellen, dass der zweite Rechner aus ist und noch mal auf die Bankseite gehen und schauen ob die TAN-Aufforderungen noch mal kommt... Will rausfinden ob das Teil auf dem Notebook oder auf dem stat. Rechner steckt....

chris

Trinity81 06.09.2010 14:20
Virustotal:

File name: xn784jll.exe
Submission date: 2010-09-06 13:05:03 (UTC)
Current status: queued (#3) queued (#3) analysing finished


Result: 1/ 43 (2.3%)


Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.06 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.06 -
Avast 4.8.1351.0 2010.09.06 -
Avast5 5.0.594.0 2010.09.06 -
AVG 9.0.0.851 2010.09.06 -
BitDefender 7.2 2010.09.06 -
CAT-QuickHeal 11.00 2010.09.06 -
ClamAV 0.96.2.0-git 2010.09.06 -
Comodo 5988 2010.09.06 -
DrWeb 5.0.2.03300 2010.09.06 -
Emsisoft 5.0.0.37 2010.09.06 -
eSafe 7.0.17.0 2010.09.05 Win32.TrojanHorse
eTrust-Vet 36.1.7838 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.06 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.06 -
Ikarus T3.1.1.88.0 2010.09.06 -
Jiangmin 13.0.900 2010.09.06 -
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.06 -
McAfee 5.400.0.1158 2010.09.06 -
McAfee-GW-Edition 2010.1B 2010.09.06 -
Microsoft 1.6103 2010.09.06 -
NOD32 5427 2010.09.06 -
Norman 6.05.11 2010.09.06 -
nProtect 2010-09-06.01 2010.09.06 -
Panda 10.0.2.7 2010.09.05 -
PCTools 7.0.3.5 2010.09.06 -
Prevx 3.0 2010.09.06 -
Rising 22.64.00.04 2010.09.06 -
Sophos 4.57.0 2010.09.06 -
Sunbelt 6838 2010.09.06 -
SUPERAntiSpyware 4.40.0.1006 2010.09.06 -
Symantec 20101.1.1.7 2010.09.06 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.06 -
VBA32 3.12.14.0 2010.09.06 -
ViRobot 2010.9.6.4028 2010.09.06 -
VirusBuster 12.64.18.1 2010.09.05 -
Additional informationShow all
MD5 : f80f6e09e7f4bafe478ca0da6137e1e2
SHA1 : 719082766cf4f60c8bdaa2b2c9f6967ecbcf8722
SHA256: 682fd0d13d7caf4b17a1eb9bafa0a3c3598139bb3623d3f5fba3bfbd0a6d424a
ssdeep: 6144:Uwbg2xeuJgWM/S1tm/xCIoQPJVZCzw5bEPb3cV9iYpTkyTFHS2:Uw82IZWM61tUXRd9IPb
3cVZkyp/
File size : 293376 bytes
First seen: 2009-12-15 11:56:33
Last seen : 2010-09-06 13:05:03
TrID:
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: 1, 0, 15, 15281
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (F-Prot): UPX
packers (Kaspersky): UPX, PE_Patch
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xB3F40
timedatestamp....: 0x4B2763F0 (Tue Dec 15 10:24:48 2009)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
UPX0, 0x1000, 0x6D000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
UPX1, 0x6E000, 0x47000, 0x46200, 7.93, 7b777c30b7f75e5eb654691bb1616dcb
.rsrc, 0xB5000, 0x2000, 0x1400, 3.38, 710fb4291f153e98a3a03f3473b8bfd6

[[ 1 import(s) ]]
KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess

_____________

File name: themeui.dll
Submission date: 2010-09-06 13:11:42 (UTC)
Current status: queued (#1) queued analysing finished


Result: 0/ 43 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.06 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.06 -
Avast 4.8.1351.0 2010.09.06 -
Avast5 5.0.594.0 2010.09.06 -
AVG 9.0.0.851 2010.09.06 -
BitDefender 7.2 2010.09.06 -
CAT-QuickHeal 11.00 2010.09.06 -
ClamAV 0.96.2.0-git 2010.09.06 -
Comodo 5988 2010.09.06 -
DrWeb 5.0.2.03300 2010.09.06 -
Emsisoft 5.0.0.37 2010.09.06 -
eSafe 7.0.17.0 2010.09.05 -
eTrust-Vet 36.1.7838 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.06 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.06 -
Ikarus T3.1.1.88.0 2010.09.06 -
Jiangmin 13.0.900 2010.09.06 -
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.06 -
McAfee 5.400.0.1158 2010.09.06 -
McAfee-GW-Edition 2010.1B 2010.09.06 -
Microsoft 1.6103 2010.09.06 -
NOD32 5427 2010.09.06 -
Norman 6.05.11 2010.09.06 -
nProtect 2010-09-06.01 2010.09.06 -
Panda 10.0.2.7 2010.09.05 -
PCTools 7.0.3.5 2010.09.06 -
Prevx 3.0 2010.09.06 -
Rising 22.64.00.04 2010.09.06 -
Sophos 4.57.0 2010.09.06 -
Sunbelt 6838 2010.09.06 -
SUPERAntiSpyware 4.40.0.1006 2010.09.06 -
Symantec 20101.1.1.7 2010.09.06 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.06 -
VBA32 3.12.14.0 2010.09.06 -
ViRobot 2010.9.6.4028 2010.09.06 -
VirusBuster 12.64.18.1 2010.09.05 -
Additional informationShow all
MD5 : 56ba1bd7176dbbfbd037275819da4ae3
SHA1 : 52e9e72c572f8afffde96d95c25e01fde2004f44
SHA256: c0a797f7edb37203494becaf13df27334ae566d12390c64a260a05c2654e92ab
ssdeep: 12288:JtNoeeXIWaaiUM7g+k0OhPBkKTTn72x7E:RoeeXch73kpCKHn7
File size : 615424 bytes
First seen: 2009-08-06 01:26:55
Last seen : 2010-09-06 13:11:42
TrID:
DirectShow filter (58.4%)
Win64 Executable Generic (24.8%)
Win32 Executable MS Visual C++ (generic) (10.9%)
Win32 Executable Generic (2.4%)
Win32 Dynamic Link Library (generic) (2.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Theme API
original name: ThemeUI.DLL
internal name: THEMEUI
file version.: 6.0.6001.18000 (longhorn_rtm.080118-1840)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x172F
timedatestamp....: 0x4791A786 (Sat Jan 19 07:32:22 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x3794C, 0x37A00, 6.38, fb759cc6ae8227ccc78d3511acc5dbbd
.data, 0x39000, 0x1641C, 0x1400, 2.11, a729987aed0319e1f1d093dddcbc2807
.rsrc, 0x50000, 0x5A198, 0x5A200, 5.62, 142e91769e1ff25748a06aad379b2522
.reloc, 0xAB000, 0x2E4C, 0x3000, 6.72, 9802166a05730c3e44e242e7ae821c9c

[[ 10 import(s) ]]
msvcrt.dll: malloc, _vsnwprintf, memset, _wtoi, _except_handler4_common, _adjust_fdiv, _amsg_exit, _initterm, free, _ftol2_sse, _XcptFilter, memmove, wcstombs, _itow_s, towupper, _wcsnicmp, memcpy
ntdll.dll: WinSqmAddToStream
KERNEL32.dll: GetWindowsDirectoryW, FormatMessageW, GetPrivateProfileIntW, CopyFileW, ExpandEnvironmentStringsW, HeapAlloc, GetSystemDirectoryW, HeapFree, ProcessIdToSessionId, GetCurrentProcessId, InterlockedExchange, GetCurrentThreadId, WritePrivateProfileStringW, WriteFile, LocalFileTimeToFileTime, SystemTimeToFileTime, GetLocalTime, GetProcAddress, InterlockedCompareExchange, LoadLibraryA, Sleep, QueryPerformanceCounter, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FindFirstFileW, FindNextFileW, FindClose, CreateThread, GetModuleFileNameW, LoadLibraryW, FreeLibraryAndExitThread, LoadLibraryExW, FreeLibrary, GetLongPathNameW, FreeResource, WriteProfileStringW, lstrcmpW, GetPrivateProfileStringW, GetSystemDefaultLCID, GetUserDefaultLCID, GetSystemDefaultUILanguage, GetLocaleInfoW, CreateFileW, ReadFile, SetFilePointer, MultiByteToWideChar, CreateProcessW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DisableThreadLibraryCalls, DeleteCriticalSection, DeleteFileW, GlobalMemoryStatus, GetProductInfo, GlobalAlloc, CreateEventW, GetCurrentProcess, DuplicateHandle, WaitForSingleObject, IsDebuggerPresent, SetEvent, CloseHandle, LocalAlloc, GetLastError, GetUserDefaultUILanguage, GetTickCount, LocalFree, lstrcmpiW, InterlockedDecrement, InterlockedIncrement, lstrlenW, MulDiv, UnmapViewOfFile, GetFileSize, MapViewOfFile, CreateFileMappingW, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, GetModuleHandleW, DelayLoadFailureHook, GetProcessHeap
ADVAPI32.dll: CryptHashData, RegSetValueExW, CryptVerifySignatureW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegCopyTreeW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegEnumKeyW, RegQueryInfoKeyW, RegSetValueW, RegEnumValueW, CryptImportKey, CryptDestroyKey, CryptDestroyHash, CryptReleaseContext, CryptAcquireContextW, CryptCreateHash, RegCloseKey
GDI32.dll: IntersectClipRect, SetStretchBltMode, StretchBlt, SelectClipRgn, GetLayout, GdiTransparentBlt, GetDIBColorTable, CreateBitmap, SaveDC, GetTextColor, SetBkColor, RestoreDC, CreateCompatibleBitmap, SetLayout, TranslateCharsetInfo, TextOutW, CreateHalftonePalette, CreateDIBSection, CreateCompatibleDC, BitBlt, SetBkMode, SetTextColor, DeleteDC, CreateSolidBrush, GetObjectW, GetTextMetricsW, EnumFontFamiliesExW, GetTextExtentPoint32W, GetDeviceCaps, GetPaletteEntries, CreatePalette, DeleteObject, CreateFontIndirectW, SetPaletteEntries, GetStockObject, GetNearestColor, SelectPalette, RealizePalette, SelectObject, PatBlt, GetTextExtentPointW, SetTextAlign, GetNearestPaletteIndex, CreatePatternBrush, SetMagicColors, ExtFloodFill, GetPixel, PathToRegion, StrokePath, CreatePen, EndPath, ExtTextOutW, EnumFontFamiliesW, BeginPath
USER32.dll: CharUpperBuffW, CharLowerW, IsCharUpperW, CharNextW, DrawIconEx, EnumChildWindows, LoadIconW, UnionRect, AlignRects, SetCursorPos, GetCursorPos, SetWindowRgn, GetAsyncKeyState, GetMessagePos, GetDlgItemInt, GetDoubleClickTime, IntersectRect, GetKeyState, BringWindowToTop, SetMenuDefaultItem, IsWindowEnabled, CheckMenuItem, TrackPopupMenu, GetSubMenu, IsRectEmpty, SystemParametersInfoA, PostThreadMessageW, EnumDisplaySettingsExW, GetMessageTime, SendMessageTimeoutW, EndTask, CallWindowProcW, RedrawWindow, GetFocus, MessageBoxW, SendNotifyMessageW, LoadBitmapW, IsWindow, SetRect, DrawIcon, SetSysColorsTemp, DrawCaptionTempW, DrawFrameControl, GetDesktopWindow, DrawMenuBarTemp, DestroyIcon, DestroyMenu, LoadMenuW, EnableMenuItem, PtInRect, WaitForInputIdle, GetClassInfoW, RegisterClassW, GetDlgCtrlID, GetCapture, SetRectEmpty, ChangeDisplaySettingsW, EnumDisplayDevicesW, ChangeDisplaySettingsExW, RegisterClipboardFormatW, SetWindowTextW, RegisterClassExW, BeginPaint, EndPaint, PostQuitMessage, GetMessageW, LoadImageW, SetForegroundWindow, SetTimer, KillTimer, ValidateRect, FillRect, MonitorFromPoint, OffsetRect, DrawTextW, UnregisterClassW, SetFocus, ShowCursor, ReleaseCapture, SetCapture, ShowWindow, GetWindowRect, GetDlgItemTextW, MoveWindow, DrawTextExW, SetWindowPos, AdjustWindowRect, MonitorFromRect, GetMonitorInfoW, ChildWindowFromPoint, IsWindowVisible, DrawEdge, LoadCursorW, SystemParametersInfoW, MapWindowPoints, DestroyWindow, GetSysColor, SetSysColors, MsgWaitForMultipleObjects, PeekMessageW, TranslateMessage, DispatchMessageW, GetParent, PostMessageW, GetWindowLongW, DefWindowProcW, EndDialog, IsDlgButtonChecked, GetWindowTextW, GetClientRect, LoadStringW, GetWindow, SetDlgItemTextW, SetDlgItemInt, InvalidateRect, UpdateWindow, SendDlgItemMessageW, CheckDlgButton, EnableWindow, GetDC, ReleaseDC, InflateRect, GetSystemMetrics, GetSysColorBrush, FrameRect, SetWindowLongW, GetDlgItem, SendMessageW, CreateWindowExW, DialogBoxParamW, SetCursor
Secur32.dll: GetUserNameExW
SHLWAPI.dll: -, -, PathUnExpandEnvStringsW, -, StrCmpNIW, -, -, -, -, -, -, PathRemoveExtensionW, PathIsRelativeW, -, -, PathIsFileSpecW, PathRemoveBlanksW, -, SHRegGetPathW, PathFindExtensionW, PathRemoveFileSpecW, -, -, StrDupW, StrCmpNW, StrChrW, PathQuoteSpacesW, -, -, SHRegSetUSValueW, SHRegSetPathW, -, -, PathParseIconLocationW, SHStrDupW, SHGetValueW, SHDeleteValueW, StrToIntExW, StrStrW, SHSetValueW, PathFindFileNameW, -, -, StrRChrW, StrStrIW, -, -, PathFileExistsW, -, -, -, -, -, SHDeleteKeyW, -, PathCommonPrefixW, -, -, StrCmpIW, StrCmpW, -, -, PathAppendW, -, -, -, StrToIntW, -
SHELL32.dll: SHFileOperationW, SHGetFolderPathW, -, -, ShellExecuteExW, -, -, -, ExtractIconExW, -, ExtractIconW, -, -, -, ShellExecuteW, SHGetSpecialFolderPathW, SHGetFolderPathEx, SHCreateDirectoryExW
slc.dll: SLGetWindowsInformationDWORD

[[ 3 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllInstall

_______________________

File name: unregmp2.exe
Submission date: 2010-09-06 13:14:48 (UTC)
Current status: queued (#2) queued (#2) analysing finished


Result: 0/ 43 (0.0%)


Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.06 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.06 -
Avast 4.8.1351.0 2010.09.06 -
Avast5 5.0.594.0 2010.09.06 -
AVG 9.0.0.851 2010.09.06 -
BitDefender 7.2 2010.09.06 -
CAT-QuickHeal 11.00 2010.09.06 -
ClamAV 0.96.2.0-git 2010.09.06 -
Comodo 5988 2010.09.06 -
DrWeb 5.0.2.03300 2010.09.06 -
Emsisoft 5.0.0.37 2010.09.06 -
eSafe 7.0.17.0 2010.09.05 -
eTrust-Vet 36.1.7838 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.06 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.06 -
Ikarus T3.1.1.88.0 2010.09.06 -
Jiangmin 13.0.900 2010.09.06 -
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.06 -
McAfee 5.400.0.1158 2010.09.06 -
McAfee-GW-Edition 2010.1B 2010.09.06 -
Microsoft 1.6103 2010.09.06 -
NOD32 5427 2010.09.06 -
Norman 6.05.11 2010.09.06 -
nProtect 2010-09-06.01 2010.09.06 -
Panda 10.0.2.7 2010.09.05 -
PCTools 7.0.3.5 2010.09.06 -
Prevx 3.0 2010.09.06 -
Rising 22.64.00.04 2010.09.06 -
Sophos 4.57.0 2010.09.06 -
Sunbelt 6838 2010.09.06 -
SUPERAntiSpyware 4.40.0.1006 2010.09.06 -
Symantec 20101.1.1.7 2010.09.06 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.06 -
VBA32 3.12.14.0 2010.09.06 -
ViRobot 2010.9.6.4028 2010.09.06 -
VirusBuster 12.64.18.1 2010.09.05 -
Additional informationShow all
MD5 : 5723ccbd541e553b6ca337a296da979f
SHA1 : ce08fd0ee3d573b2fcee96c867f2bd4c793130db
SHA256: 33e24b0d43a14e6de4db1095ad17e4722effb24068b71067fb3b196096f2b000
ssdeep: 6144:B8DcKRGmei+phmPLrQuYdCVGAjMaGJlh:W3+pcus4a8lh
File size : 310784 bytes
First seen: 2009-03-03 14:31:21
Last seen : 2010-09-06 13:14:48
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft Windows Media Player Setup Utility
original name: unregmp2.exe
internal name: unregmp2.exe
file version.: 11.0.6001.7000 (longhorn_rtm.080118-1840)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x32F88
timedatestamp....: 0x47919359 (Sat Jan 19 06:06:17 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x456EA, 0x45800, 5.34, bbe85da7894442b97f05dc3205e7ab38
.data, 0x47000, 0x3208, 0x1200, 3.29, aa38c71ac6584c17fd5ecbe8451154ff
.rsrc, 0x4B000, 0xBE0, 0xC00, 4.32, 633ab00ee3341334b98a9731649f51d9
.reloc, 0x4C000, 0x42E6, 0x4400, 6.08, 8243de2b47474d58f6649e88734beab0

[[ 10 import(s) ]]
ADVAPI32.dll: RegDeleteKeyW, RegCloseKey, RegDeleteValueW, RegEnumValueW, RegSetValueExW, RegCreateKeyExW, SetNamedSecurityInfoW, GetSecurityDescriptorControl, GetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyExW, CloseServiceHandle, ControlService, QueryServiceStatus, ChangeServiceConfigW, QueryServiceConfigW, OpenServiceW, OpenSCManagerW, RegEnumKeyW, RegQueryValueExA, RegOpenKeyExA, RegQueryInfoKeyW
KERNEL32.dll: GetSystemTimeAsFileTime, SetFileAttributesW, CreateHardLinkW, FindClose, FindFirstFileW, ExpandEnvironmentStringsW, GetTickCount, WriteFile, SizeofResource, CreateFileW, LoadResource, FindResourceW, Wow64RevertWow64FsRedirection, Wow64DisableWow64FsRedirection, RegisterApplicationRestart, HeapSetInformation, Sleep, GetShortPathNameW, lstrcmpW, FindFirstFileExW, FindNextFileW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetSystemWindowsDirectoryW, lstrlenW, CloseHandle, FileTimeToSystemTime, CreateFileA, GetFileSize, GetTempPathA, SetFilePointer, GetLocalTime, GetLongPathNameW, WritePrivateProfileStringW, GetPrivateProfileStringW, GetProfileStringW, WriteProfileStringW, GetTempPathW, GetModuleFileNameW, GetWindowsDirectoryA, CreateDirectoryA, LoadLibraryExW, CopyFileW, GetSystemDefaultLangID, GetFileTime, GetTimeZoneInformation, GetVersionExA, GetVersionExW, GetFileAttributesA, LoadLibraryW, GetProcAddress, FreeLibrary, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, LocalFree, SetLastError, DeleteFileW, LCIDToLocaleName, GetUserDefaultLCID, RaiseException, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, InterlockedExchange, GetFileAttributesW, GetWindowsDirectoryW, GetSystemDirectoryW, MoveFileW, GetLastError, MoveFileExW, RemoveDirectoryW, CreateDirectoryW
USER32.dll: LoadStringW, CharNextA
msvcrt.dll: _unlock, _controlfp, _except_handler4_common, _terminate@@YAXXZ, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _onexit, exit, _ismbblead, _XcptFilter, _exit, __dllonexit, __getmainargs, free, _wtol, mbstowcs, ___U@YAPAXI@Z, ___V@YAXPAX@Z, memset, wcschr, _wcslwr, wcsstr, wcsrchr, _wcsicmp, _wcsnicmp, _vsnwprintf, _acmdln, _cexit, _lock, _vsnprintf, swscanf, _wtoi, _itow, malloc, memcpy, _wcsupr, iswalnum, iswalpha
ole32.dll: OleInitialize, OleUninitialize, CoInitialize, CoCreateInstance, CoUninitialize, CoCreateGuid, StringFromGUID2
OLEAUT32.dll: -, -, -, -, -
VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
SHELL32.dll: SHGetMalloc, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetFolderPathW, SHSetLocalizedName, ShellExecuteW, SHChangeNotify, SHCreateItemFromParsingName, SHGetSpecialFolderPathW, SHGetPathFromIDListA
SHLWAPI.dll: PathAppendW, PathIsDirectoryW, PathRemoveBlanksW, PathAddBackslashW, PathRemoveFileSpecW, PathAddBackslashA
WMDRMSDK.DLL: WMDRMCreateProvider

________________________

File name: ie4uinit.exe
Submission date: 2010-09-06 13:17:28 (UTC)
Current status: queued (#11) queued analysing finished


Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.06 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.06 -
Avast 4.8.1351.0 2010.09.06 -
Avast5 5.0.594.0 2010.09.06 -
AVG 9.0.0.851 2010.09.05 -
BitDefender 7.2 2010.09.06 -
CAT-QuickHeal 11.00 2010.09.06 -
ClamAV 0.96.2.0-git 2010.09.06 -
Comodo 5986 2010.09.06 -
DrWeb 5.0.2.03300 2010.09.06 -
Emsisoft 5.0.0.37 2010.09.06 -
eSafe 7.0.17.0 2010.09.05 -
eTrust-Vet 36.1.7838 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.06 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.06 -
Ikarus T3.1.1.88.0 2010.09.06 -
Jiangmin 13.0.900 2010.09.06 -
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.06 -
McAfee 5.400.0.1158 2010.09.06 -
McAfee-GW-Edition 2010.1B 2010.09.06 -
Microsoft 1.6103 2010.09.06 -
NOD32 5425 2010.09.05 -
Norman 6.05.11 2010.09.05 -
nProtect 2010-09-06.01 2010.09.06 -
Panda 10.0.2.7 2010.09.05 -
PCTools 7.0.3.5 2010.09.06 -
Prevx 3.0 2010.09.06 -
Rising 22.64.00.04 2010.09.06 -
Sophos 4.57.0 2010.09.06 -
Sunbelt 6837 2010.09.06 -
SUPERAntiSpyware 4.40.0.1006 2010.09.06 -
Symantec 20101.1.1.7 2010.09.06 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.06 -
VBA32 3.12.14.0 2010.09.03 -
ViRobot 2010.8.31.4017 2010.09.06 -
VirusBuster 12.64.18.1 2010.09.05 -
Additional informationShow all
MD5 : 5ff72eb4ecc3a9885c982fbe8d742101
SHA1 : e55a6af23c74ef2a89d0d9a101b753f9b600ad94
SHA256: 8c7cd260d1479bbcac67710e4a7a900a397126f2e19328ee48f7cc018536f2da
ssdeep: 3072:VQJhIW0oyuPuNK5zc0Ik/UdA03XREsD3knUf2A1v0voPcTlVn8i/4HiyenFmE0k3:mDInj
NK5zcO/U2yRD0M2YcAc/gHw
File size : 173056 bytes
First seen: 2009-10-13 19:38:33
Last seen : 2010-09-06 13:17:28
TrID:
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Windows_ Internet Explorer
description..: IE Per-User Initialization Utility
original name: IE4UINIT.EXE
internal name: IE4UINIT
file version.: 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x2332E
timedatestamp....: 0x4A96009C (Thu Aug 27 03:42:20 2009)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x25506, 0x25600, 7.33, 165990d687bb83f0f9cf8a6219858e15
.data, 0x27000, 0x70C, 0x400, 6.23, 015ba5ea2708b65f0d1c5c0b371d8c52
.rsrc, 0x28000, 0x830, 0xA00, 3.82, dfe95c8a6b3a5539eed0e30b27089a11
.reloc, 0x29000, 0x3ABC, 0x3C00, 5.88, 3d4f91f2a015b41851d504cf23f16785

[[ 12 import(s) ]]
ADVAPI32.dll: RegCloseKey, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, RegEnumValueW, RegOpenKeyExW, RegSetValueW, RegDeleteKeyW
KERNEL32.dll: GetProcAddress, LoadLibraryW, lstrlenW, GetLastError, GetEnvironmentVariableW, GetVersion, GetModuleHandleW, SetErrorMode, SetFileAttributesW, GetFileAttributesW, DeleteFileW, FindClose, FindNextFileW, FindFirstFileW, SetCurrentDirectoryW, GetCurrentDirectoryW, lstrcmpW, FindFirstFileExW, GetShortPathNameW, GetSystemDefaultUILanguage, CreateDirectoryW, LocalFree, LocalAlloc, CloseHandle, CreateFileW, GetTickCount, Sleep, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetPrivateProfileStringW, GetNativeSystemInfo, SetLastError, LoadResource, FindResourceExW, FreeLibrary, GetSystemDirectoryW, GetVersionExW, GetModuleFileNameW, LoadLibraryExW, MapViewOfFile, CreateFileMappingW, GetLocaleInfoW, GetModuleHandleA, UnmapViewOfFile, GetUserDefaultUILanguage, FindResourceW, SearchPathW, SetUnhandledExceptionFilter, RtlUnwind, GetStartupInfoW, InterlockedCompareExchange, InterlockedExchange
USER32.dll: MessageBoxW, LoadStringW, PostMessageW, GetMenuItemInfoW, GetMenuItemCount, DestroyMenu, CreatePopupMenu, SendInput, GetCursorPos, SystemParametersInfoW, PostQuitMessage, SetWinEventHook, KillTimer, DispatchMessageW, GetMessageW, SetTimer, UnhookWinEvent, BlockInput
msvcrt.dll: memcpy, _vsnwprintf, memset, __3@YAXPAX@Z, __2@YAPAXI@Z, _time64, _controlfp, _terminate@@YAXXZ, __set_app_type, __p__fmode, __p__commode, wcsncmp, _wcsicmp, _wcsnicmp, bsearch, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _wcmdln, exit, _XcptFilter, _exit, _cexit, __wgetmainargs
SHELL32.dll: -, SHChangeNotify, SHGetSpecialFolderLocation, -, SHGetDesktopFolder, -, SHGetSpecialFolderPathW, SHBindToParent, SHParseDisplayName, SHSetLocalizedName, -
ole32.dll: OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance, CoUninitialize, CoInitializeEx
ADVPACK.dll: RunSetupCommandW, ExecuteCabW, RegRestoreAllW
VERSION.dll: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
SHLWAPI.dll: SHRegGetValueW, StrCmpIW, SHDeleteKeyW, -, PathAddExtensionW, PathRemoveBlanksW, SHDeleteValueW, SHSetValueW, PathAppendW, PathRemoveFileSpecW, SHCopyKeyW, StrCmpNIW, PathFileExistsW, PathCombineW, PathAddBackslashW, -, -, StrStrIW, SHRegSetUSValueW, SHGetValueW, PathRemoveExtensionW
iertutil.dll: -, -, -, -
OLEACC.dll: AccessibleObjectFromEvent
OLEAUT32.dll: -, -

______________________

File name: iedkcs32.dll
Submission date: 2010-09-06 13:19:45 (UTC)
Current status: queued queued analysing finished


Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.06 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.06 -
Avast 4.8.1351.0 2010.09.06 -
Avast5 5.0.594.0 2010.09.06 -
AVG 9.0.0.851 2010.09.06 -
BitDefender 7.2 2010.09.06 -
CAT-QuickHeal 11.00 2010.09.06 -
ClamAV 0.96.2.0-git 2010.09.06 -
Comodo 5988 2010.09.06 -
DrWeb 5.0.2.03300 2010.09.06 -
Emsisoft 5.0.0.37 2010.09.06 -
eSafe 7.0.17.0 2010.09.05 -
eTrust-Vet 36.1.7838 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.06 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.06 -
Ikarus T3.1.1.88.0 2010.09.06 -
Jiangmin 13.0.900 2010.09.06 -
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.06 -
McAfee 5.400.0.1158 2010.09.06 -
McAfee-GW-Edition 2010.1B 2010.09.06 -
Microsoft 1.6103 2010.09.06 -
NOD32 5427 2010.09.06 -
Norman 6.05.11 2010.09.06 -
nProtect 2010-09-06.01 2010.09.06 -
Panda 10.0.2.7 2010.09.06 -
PCTools 7.0.3.5 2010.09.06 -
Prevx 3.0 2010.09.06 -
Rising 22.64.00.04 2010.09.06 -
Sophos 4.57.0 2010.09.06 -
Sunbelt 6838 2010.09.06 -
SUPERAntiSpyware 4.40.0.1006 2010.09.06 -
Symantec 20101.1.1.7 2010.09.06 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.06 -
VBA32 3.12.14.0 2010.09.06 -
ViRobot 2010.9.6.4028 2010.09.06 -
VirusBuster 12.64.18.1 2010.09.05 -
Additional informationShow all
MD5 : 04740b2674001376e359ac24a8469ca5
SHA1 : 697a71185abc6cd7f09a73b0bc227613960ce5e8
SHA256: c2156f1f79c3e12857ac7f2ef16705ff0be0839084791965b5438e9f99930d56
ssdeep: 6144:rxWAL4Kuwxvpg8jVB3Z5qGTIEEPygSTMj88apBmi/pnOv:rxf4wVPZILgxlV
File size : 387584 bytes
First seen: 2009-10-16 20:27:44
Last seen : 2010-09-06 13:19:45
TrID:
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Windows_ Internet Explorer
description..: IEAK branding
original name: iedkcs32.dll
internal name: iedkcs32.dll
file version.: 18.00.6001.18828 (longhorn_ie8_gdr.090826-1700)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x160E
timedatestamp....: 0x4A961715 (Thu Aug 27 05:18:13 2009)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5483D, 0x54A00, 6.12, e3329734c1997ae5ab4acb00a8612c58
.data, 0x56000, 0x5CF8, 0x5600, 0.65, 4c8040f2bbcecc6dd4c00e9ed5edf945
.rsrc, 0x5C000, 0x510, 0x600, 2.97, 22aa3e7bfac3fdee4aa28a8d22d6a091
.reloc, 0x5D000, 0x3EA8, 0x4000, 6.74, b9b0fa10df42f3f29e3dacde0b553735

[[ 14 import(s) ]]
msvcrt.dll: _wcsicmp, bsearch, wcsncmp, _vsnwprintf, ferror, __badioinfo, __pioinfo, _fileno, _lseeki64, _vsnprintf, _wtoi, memset, _write, iswalpha, ___U@YAPAXI@Z, ___V@YAXPAX@Z, _snprintf, _iob, isleadbyte, __mb_cur_max, mbtowc, __1type_info@@UAE@XZ, memmove, _onexit, _lock, __dllonexit, _unlock, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, _errno, _isatty, _itoa, toupper, malloc, free, _CxxThrowException, __3@YAXPAX@Z, __2@YAPAXI@Z, memcpy, _wcsnicmp, wcschr
ATL.DLL: -
iertutil.dll: -, ImpersonateUser, RevertImpersonate, -, -, -, -, -
urlmon.dll: -
KERNEL32.dll: MoveFileW, EnumUILanguagesW, DecodePointer, GetPrivateProfileStringA, GetPrivateProfileSectionW, OutputDebugStringW, OpenEventW, GetModuleHandleW, SearchPathW, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, UnmapViewOfFile, GetLocaleInfoW, CreateFileMappingW, GetPrivateProfileIntW, HeapFree, GetModuleFileNameW, GetVersionExW, GetProcessHeap, MultiByteToWideChar, WideCharToMultiByte, CompareStringA, FreeLibrary, LocalFree, GetProcAddress, GetLastError, LoadLibraryW, GetTickCount, lstrlenW, SetFileAttributesW, CreateDirectoryW, CloseHandle, ResumeThread, lstrlenA, TerminateProcess, SetFilePointer, CreateFileW, CopyFileW, DeleteFileW, GetWindowsDirectoryW, WritePrivateProfileStringW, GetExitCodeThread, CreateThread, GetFileAttributesW, WaitForSingleObject, MoveFileExW, CompareStringW, GlobalFree, GetPrivateProfileStringW, GetSystemInfo, LocalAlloc, RemoveDirectoryW, GetFileSize, LocalReAlloc, lstrcmpiA, ReadFile, GetVersion, GetSystemDirectoryW, FlushFileBuffers, WriteFile, GetCurrentProcess, GetCurrentProcessId, GetVersionExA, HeapAlloc, IsDBCSLeadByte, GetLocalTime, InterlockedDecrement, SetLastError, FileTimeToSystemTime, ExpandEnvironmentStringsW, FindClose, FindNextFileW, GetFileAttributesExW, FindFirstFileW, lstrcmpW, InterlockedCompareExchange, LoadLibraryA, InterlockedExchange, Sleep, OutputDebugStringA, RtlUnwind, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, UnhandledExceptionFilter, SetUnhandledExceptionFilter, MapViewOfFile, FindResourceExW, LoadLibraryExW, FindResourceW, SizeofResource, LoadResource, LockResource, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, DelayLoadFailureHook, DisableThreadLibraryCalls, GetComputerNameW
USER32.dll: GetSystemMetrics, CharLowerW, LoadCursorW, SetCursor, DialogBoxParamW, DestroyIcon, SetTimer, GetMessageW, KillTimer, EndDialog, GetTopWindow, GetClassNameA, PostMessageW, SendDlgItemMessageW, LoadImageW, LoadStringW, PeekMessageW, DispatchMessageW, TranslateMessage, MsgWaitForMultipleObjects, GetDesktopWindow, CharNextW, SendMessageTimeoutW, GetWindow
ADVAPI32.dll: RegCloseKey, RegOpenKeyExW, GetLengthSid, CopySid, RegOpenKeyExA, RegQueryValueExA, FreeSid, AllocateAndInitializeSid, RegEnumKeyW, ConvertStringSidToSidW, RegEnumValueW, RegCreateKeyExW, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetFileSecurityW, OpenSCManagerW, EnumServicesStatusExW, CloseServiceHandle, OpenProcessToken, GetTokenInformation, LookupPrivilegeValueW, LookupPrivilegeNameW, AdjustTokenPrivileges, RegSaveKeyW, RegQueryInfoKeyW, RegEnumKeyExW, ImpersonateLoggedOnUser, RevertToSelf, CreateProcessAsUserW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, DuplicateTokenEx
SHLWAPI.dll: -, StrToIntExW, SHDeleteKeyW, PathFileExistsW, PathAppendW, PathRenameExtensionW, PathIsFileSpecW, SHDeleteValueW, ChrCmpIA, StrCmpW, SHGetValueW, SHSetValueW, StrCmpNW, StrChrW, StrCmpIW, PathRemoveFileSpecW, PathIsPrefixW, StrCmpNIW, PathFindFileNameW, SHRegGetValueW, PathCombineW, PathFindExtensionW, SHDeleteEmptyKeyW, StrRChrW, PathAddExtensionW, StrTrimW, StrRetToStrW, StrDupW, SHQueryValueExW, StrSpnW, PathRemoveExtensionW, PathIsDirectoryW, PathRemoveBackslashW, PathIsURLW, PathRemoveBlanksW, PathUnquoteSpacesW, StrChrIW, StrStrW, -, -, -, -, -, -, -, PathIsUNCServerW, PathIsRootW, PathSkipRootW, PathFindNextComponentW, PathGetCharTypeW, PathAddBackslashW, PathGetDriveNumberW, StrToIntW, -, StrStrIW
ole32.dll: CreateBindCtx, StringFromGUID2, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitializeEx, CoTaskMemFree, CoCreateGuid, CoTaskMemRealloc
OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
SHELL32.dll: SHGetFolderPathAndSubDirW, SHChangeNotify, SHGetDesktopFolder, ShellExecuteExW, SHSetLocalizedName
SETUPAPI.dll: SetupGetBinaryField, SetupOpenInfFileW, SetupGetLineTextW, SetupCloseInfFile, SetupGetIntField, SetupFindNextLine, SetupGetStringFieldW, SetupFindFirstLineW
COMCTL32.dll: -, -, -, -, -
MLANG.dll: -, -

[[ 21 export(s) ]]
BrandCleanInstallStubs, BrandExternal, BrandICW, BrandICW2, BrandIE4, BrandIEActiveSetup, BrandInternetExplorer, BrandIntra, BrandMe, CallInternetInitializeAutoProxyDll, Clear, CloseRASConnections, DllRegisterServer, DllUnregisterServer, GenerateGroupPolicy, InternetInitializeAutoProxyDll, ProcessGroupPolicy, ProcessGroupPolicyEx, ProcessGroupPolicyForActivities, ProcessGroupPolicyForActivitiesEx, ProcessGroupPolicyForZoneMap

Trinity81 06.09.2010 14:42
Liste der Anhänge anzeigen (Anzahl: 1)
Sorry, hab zu spät gelesen dass ich die Online Prüfung nicht mehr hätte machen müssen...

Aber die erste Datei wurde ja als Trojaner identifiert über Virustotal, oder seh ich das falsch?

Hier noch der Screenshot von Prevx:

Anhang 8687


Hab mich eben bei der Bank eingeloggt und es ist nichts passiert...Keine Abfrage von Tans o.ä. Allerdings war mein Zugang auch gesperrt und ich hab nun auf das Chiptan-Verfahren umgestellt, weiß nicht ob es damit zusammenhängt?

Gruß
Trinity

Chris4You 06.09.2010 15:00
Hi,

machen wir die Gegenprobe und probieren es mit laufendem Stand-PC nochmal.

Prüfe online auch die "idump.exe" die von Prevx gefunden wurde und poste das Ergebnis.

So, dann werden wir uns mal die Datei die CF erwischt hat (dpaptugc.dll) noch mal näher ansehen. Das CF-Backup findest Du in C:\Qoobox, packe alles in ein Passwort geschütztes Zip zusammen (Passwort: infected) und dann bitte hochladen.

Packprogramm (falls Du keines hast): IZArc - Download pass bitte bei der Installation auf, man versucht (wie immer) eine Toolbar unterzujubeln... kannste aber abwählen...

Hochladen hier (Fileuplod):
File-Upload.net - Ihr kostenloser File Hoster!, hochladen und den Link (mit Löschlink) als "PrivateMail" an mich...

chris

Trinity81 06.09.2010 16:02
So, idump.exe hab ich geprüft:

File name: iDump.exe
Submission date: 2010-09-06 14:51:58 (UTC)
Current status: queued queued analysing finished


Result: 7/ 43 (16.3%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.06 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.06 -
Avast 4.8.1351.0 2010.09.06 -
Avast5 5.0.594.0 2010.09.06 -
AVG 9.0.0.851 2010.09.06 Generic17.JYL
BitDefender 7.2 2010.09.06 -
CAT-QuickHeal 11.00 2010.09.06 (Suspicious) - DNAScan
ClamAV 0.96.2.0-git 2010.09.06 PUA.Packed.PECompact-1
Comodo 5988 2010.09.06 -
DrWeb 5.0.2.03300 2010.09.06 -
Emsisoft 5.0.0.37 2010.09.06 -
eSafe 7.0.17.0 2010.09.05 Suspicious File
eTrust-Vet 36.1.7838 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.06 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.06 -
Ikarus T3.1.1.88.0 2010.09.06 -
Jiangmin 13.0.900 2010.09.06 Backdoor/VB.fif
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.06 -
McAfee 5.400.0.1158 2010.09.06 -
McAfee-GW-Edition 2010.1B 2010.09.06 Heuristic.LooksLike.Win32.Suspicious.C!83
Microsoft 1.6103 2010.09.06 -
NOD32 5427 2010.09.06 -
Norman 6.05.11 2010.09.06 -
nProtect 2010-09-06.01 2010.09.06 -
Panda 10.0.2.7 2010.09.06 -
PCTools 7.0.3.5 2010.09.06 -
Prevx 3.0 2010.09.06 Medium Risk Malware
Rising 22.64.00.04 2010.09.06 -
Sophos 4.57.0 2010.09.06 -
Sunbelt 6838 2010.09.06 -
SUPERAntiSpyware 4.40.0.1006 2010.09.06 -
Symantec 20101.1.1.7 2010.09.06 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.06 -
VBA32 3.12.14.0 2010.09.06 -
ViRobot 2010.9.6.4028 2010.09.06 -
VirusBuster 12.64.19.0 2010.09.06 -
Additional informationShow all
MD5 : 077a5e1879b86c5ccc86ecf37d442e60
SHA1 : 2e1d159217f8dbfdd53ca1a2fed2525c4a19b118
SHA256: 47691f828c29375e9a214607be226f6380faed71744dcd4f71670d1548c1b224
ssdeep: 3072:aVGJuRtFSM2p1wQ3gcs+4sZoy9pLCxdGgVmUaKuQ1XoPxQ2nmdtsPuyVZk4Mtpi9:aAeZO
19xcsZoy9oGgLbxeBktsGyvCto
File size : 225280 bytes
First seen: 2008-02-18 09:43:52
Last seen : 2010-09-06 14:51:58
TrID:
Win32 EXE PECompact compressed (v2.x) (52.1%)
Win32 EXE PECompact compressed (generic) (36.7%)
Win32 Executable Generic (7.5%)
Generic Win/DOS Executable (1.7%)
DOS Executable Generic (1.7%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: iDump
description..: n/a
original name: iDump.exe
internal name: iDump
file version.: 1.00.0027
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: PECompact 2.xx --> BitSum Technologies
packers (F-Prot): PecBundle, PECompact
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x42DC
timedatestamp....: 0x47770362 (Sun Dec 30 02:33:06 2007)
machinetype......: 0x14c (I386)

[[ 2 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xB5000, 0x35400, 7.91, 37ae7d963dc3af9c3f6354507f806d26
.rsrc, 0xB6000, 0x2000, 0x1A00, 5.40, 923379cf9ae5d21cdaf9b93c442024ca

[[ 1 import(s) ]]
kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree


Die Datei schick ich dir gleich per Mail.

Auch wenn der normale PC an ist, passiert beim Online Banking nichts. Und auch wenn ich den normalen PC zum Einloggen nehme, geht es ohne Probleme.

Danke schonmal für deine Unterstützung und Hilfe!

Gruß Trinity81


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:15 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131